Amazon API Gateway
- easy for developers to create, publish, maintain, monitor, and secure APIs at any scale
- handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls
- including traffic management, authorization and access control, monitoring, and API version management
- Amazon API Gateway has no minimum fees or startup costs. You **pay **only for the API calls you receive and the amount of data transferred out.
- This is a HIPAA eligible service.
- Together with Lambda, API Gateway forms the app-facing part of the AWS serverless infrastructure
Amazon Route 53
- domain registration
- DNS routing
- health checking
Amazon Route 53 routng
Latency Routing lets Amazon Route 53 serve user requests from the AWS Region that provides the lowest latency. It does not, however, guarantee that users in the same geographic region will be served from the same location.
Geoproximity Routing lets Amazon Route 53 route traffic to your resources based on the geographic location of your users and your resources. You can also optionally choose to route more traffic or less to a given resource by specifying a value, known as a bias. A bias expands or shrinks the size of the geographic region from which traffic is routed to a resource.
Geolocation Routing lets you choose the resources that serve your traffic based on the geographic location of your users, meaning the location that DNS queries originate from.
Weighted Routing lets you associate multiple resources with a single domain name (tutorialsdojo.com) or subdomain name (subdomain.tutorialsdojo.com) and choose how much traffic is routed to each resource.
AWS RDS switchover
In Amazon RDS, failover is automatically handled so that you can resume database operations as quickly as possible without administrative intervention in the event that your primary database instance goes down. When failing over, Amazon RDS simply flips the canonical name record (CNAME) for your DB instance to point at the standby, which is in turn promoted to become the new primary.
AWS Organizations
- AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. AWS Organizations includes account management and consolidated billing capabilities that enable you to better meet the budgetary, security, and compliance needs of your business. As an administrator of an organization, you can create accounts in your organization and invite existing accounts to join the organization
- consolidated billing
- this service is free
AWS IAM Identity Center (successor to AWS Single Sign-On)
AWS IAM Identity Center (successor to AWS Single Sign-On) provides single sign-on access for all of your AWS accounts and cloud applications. It connects with Microsoft Active Directory through AWS Directory Service to allow users in that directory to sign in to a personalized AWS access portal using their existing Active Directory user names and passwords. From the AWS access portal, users have access to all the AWS accounts and cloud applications that they have permission for.
Users in your self-managed directory in Active Directory (AD) can also have single sign-on access to AWS accounts and cloud applications in the AWS access portal.
What is BYOIP?
With BYOIP, you can bring your pre-owned, trusted IP addresses into AWS and use them as Elastic IPs (EIPs). This allows you to map these IPs to AWS services without needing to update your clients’ whitelists.
AWS Control Tower
AWS Control Tower provides a single location to easily set up your new well-architected multi-account environment and govern your AWS workloads with rules for security, operations, and internal compliance. You can automate the setup of your AWS environment with best-practices blueprints for multi-account structure, identity, access management, and account provisioning workflow. For ongoing governance, you can select and apply pre-packaged policies enterprise-wide or to specific groups of accounts.
* preventing the deployment of resources that don’t conform to selected policies or detecting non-conformance of provisioned resources.
* To save time and resources, you can use AWS Control Tower to automate account creation. With the appropriate user group permissions, you can specify standardized baselines and network configurations for all accounts in the organization.
AWS Resource Access Manager
The AWS Resource Access Manager (RAM) service simply helps you to securely share your resources across AWS accounts or within your organization or organizational units (OUs) in AWS Organizations. It is not capable of launching new AWS accounts with preapproved configurations.
AWS Resource Access Manager (RAM) is a service that enables you to easily and securely share AWS resources with any AWS account or within your AWS Organization. You can share AWS Transit Gateways, Subnets, AWS License Manager configurations, and Amazon Route 53 Resolver rules resources with RAM.
You can create resources centrally in a multi-account environment, and use RAM to share those resources across accounts in three simple steps: create a Resource Share, specify resources, and specify accounts. RAM is available to you at no additional charge.
AWS Config
AWS Config cannot provision accounts. A conformance pack is only a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an account and a Region or across an organization in AWS Organizations.
AWS Systems Manager OpsCenter
AWS Systems Manager is just a collection of services used to manage applications and infrastructure running in AWS that is usually in a single AWS account. The AWS Systems Manager OpsCenter service is just one of the capabilities of AWS Systems Manager, provides a central location where operations engineers and IT professionals can view, investigate, and resolve operational work items (OpsItems) related to AWS resources.
What are the prerequisites when routing traffic using Amazon Route 53 to a website that is hosted in an Amazon S3 Bucket?
- An S3 bucket that is configured to host a static website. The bucket must have the same name as your domain or subdomain. For example, if you want to use the subdomain portal.tutorials.com, the name of the bucket must be portal.tutorials.com.
- A registered domain name. You can use Route 53 as your domain registrar, or you can use a different registrar.
- Route 53 as the DNS service for the domain. If you register your domain name by using Route 53, we automatically configure Route 53 as the DNS service for the domain.
When do you need CORS to be enabled?
you only need to enable Cross-Origin Resource Sharing (CORS) when your client web application on one domain interacts with the resources in a different domain.
AWS DataSync versus AWS Storage Gateway
Key Differences:
AWS DataSync is designed for efficient, automated data transfers between on-premises storage and AWS. It is ideal for migrating large datasets, replicating data, or batch syncing data to the cloud.
**AWS Storage Gateway **is better suited for hybrid cloud storage scenarios, where local applications require continuous access to cloud-backed storage (e.g., file shares, backup volumes, or tape libraries). It provides a persistent connection between on-premises environments and AWS cloud storage, often with local caching for faster access to frequently used data.
Use Case Scenarios:
Use **AWS DataSync **if you need to move data to the cloud quickly, such as for data migration or backup. It’s more suited for one-time or periodic transfers.
Use AWS Storage Gateway if you want to extend your on-prem storage to AWS for regular access, backup, or archiving purposes, enabling seamless hybrid cloud architectures.
CloudWatch custom metric on EC2
To monitor custom metrics, you must install the CloudWatch agent on the EC2 instance. After installing the CloudWatch agent, you can now collect system metrics and log files of an EC2 instance.
Hence, the correct answer is: Install the CloudWatch agent on each instance and monitor the SwapUtilization metric.
Amazon Data Lifecycle Manager (Amazon DLM)
You can use Amazon Data Lifecycle Manager (Amazon DLM) to automate the creation, retention, and deletion of snapshots taken to back up your Amazon EBS volumes. Automating snapshot management helps you to:
- Protect valuable data by enforcing a regular backup schedule.
- Retain backups as required by auditors or internal compliance.
- Reduce storage costs by deleting outdated backups.
- Combined with the monitoring features of Amazon CloudWatch Events and AWS CloudTrail, Amazon DLM provides a complete backup solution for EBS volumes at no additional cost.
Amazon MQ
Amazon MQ is primarily used as a managed message broker service and not a queue
S3 encryption
- Server-Side Encryption with Amazon S3-Managed Encryption Keys (SSE-S3) request must include x-amz-server-side-encryption
- server-side encryption with customer-provided encryption keys (SSE-C), you must provide encryption key information using the following request headers:
- x-amz-server-side-encryption-customer-algorithm
x-amz-server-side-encryption-customer-key
x-amz-server-side-encryption-customer-key-MD5
You can encrypt connections for source and target endpoints by using Secure Sockets Layer (SSL). To do so, you can use the AWS DMS Management Console or AWS DMS API to assign a certificate to an endpoint. You can also use the AWS DMS console to manage your certificates.
Not all databases use SSL in the same way. Amazon Aurora MySQL-Compatible Edition uses the server name, the endpoint of the primary instance in the cluster, as the endpoint for SSL. An Amazon Redshift endpoint already uses an SSL connection and does not require an SSL connection set up by AWS DMS.
Amazon Simple Workflow Service (SWF)
- Amazon SWF is a powerful tool for managing complex, long-running workflows with distributed tasks. It simplifies the coordination of both human and machine activities while ensuring reliability, fault tolerance, and scalability for applications that need to handle complex workflows.
- you can use for creating a decoupled architecture in AWS
VPC IPV4 IPV6
- Your VPC can operate in dual-stack mode — your resources can communicate over IPv4, or IPv6, or both.
- IPv4 and IPv6 communication are independent of each other.
- You cannot disable IPv4 support for your VPC and subnets since this is the default IP addressing system for Amazon VPC and Amazon EC2.
- By default, a new EC2 instance uses an IPv4 addressing protocol.L
- While it is possible to create an IPv6-only subnet, this feature is only supported for nitro EC2 instance type.
Launch an Amazon Aurora Serverless database
this type of database is not suitable to be used as a key-value store. Amazon Aurora Serverless is an on-demand, auto-scaling configuration for Amazon Aurora where the database will automatically start-up, shut down, and scale capacity up or down based on your application’s needs. It enables you to run your database in the cloud without managing any database instances. It’s a simple, cost-effective option for infrequent, intermittent, or unpredictable workloads and not as a key-value store.
Tape Gateway
Tape Gateway enables you to replace physical tapes on-premises with virtual tapes in AWS without changing existing backup workflows. Tape Gateway supports all leading backup applications and caches virtual tapes on-premises for low-latency data access. Tape Gateway encrypts data between the gateway and AWS for secure data transfer and compresses data and transitions virtual tapes between Amazon S3 and Amazon S3 Glacier, or Amazon S3 Glacier Deep Archive, to minimize storage costs.
fanout to Amazon SQS queues
By default, an Amazon SNS topic subscriber receives every message published to the topic. You can use Amazon SNS message filtering to assign a filter policy to the topic subscription, and the subscriber will only receive a message that they are interested in. Using Amazon SNS and Amazon SQS together, messages can be delivered to applications that require immediate notification of an event. This method is known as fanout to Amazon SQS queues.
SQS
- In Amazon SQS, you can configure the message retention period to a value from 1 minute to 14 days. The default is 4 days. Once the message retention limit is reached, your messages are automatically deleted.
- A single Amazon SQS message queue can contain an unlimited number of messages. However, there is a 120,000 limit for the number of inflight messages for a standard queue and 20,000 for a FIFO queue.
