AWS SAA-C03 Notes


  • S3 Transfer Acceleration = increases transfer speed by routing transfers through Edge Locations

  • PrincipalOrgID = for resource policies, allows access only from AWS Organization member accounts

  • Secrets Manager vs Parameter Store

    • Secrets Manager = Auto Rotation
  • CloudFront vs Global Accelerator (both support Shield for DDoS)

    • CloudFront = CDN for fast static content delivery, dynamic content (API acceleration)
      • Origin = S3, ALB, EC2, HTTP backend
    • Global Accelerator = Best routing by using Edge Locations
      • TCP/UDP, MQTT(IoT), VoIP, HTTP with static IP address
      • Provides static IP
  • Network Firewall = provides filtering for both inbound and outbound network traffic

  • GLB = L3 (IP Packets)

  • EBS Fast Snapshot Restore (FSR) = no latency on first use

  • SSO + MSAD = two-way forest trust with AWS Directory Service for MSAD

  • AWS Config rules = to check resources that are not properly tagged

  • AWS Shield Advanced = ELB, CF, GA, R53

  • DR RPO/RTO order

  • DDB PITR vs AWS Backup

    • PITR = recover table to any point in time in a rolling 35 day window
    • Backup = for long-term archiving and retention
  • Glue Job Bookmarks = prevent re-processing old data

  • S3 Legal Hold

    • Protect the object indefinitely, independent from the retention period
    • Can be freely placed and removed using the s3:PutObjectLegalHold IAM permission
  • Control Tower & SCPs can prevent VPCs from having access to Internet

  • CloudFront field-level encryption = protects sensitive information throughout the application stack

  • Storage Gateway = iSCSI

    • S3 File GW = extend storage space by leveraging Amazon S3, supports SMB
    • FSx File GW?
    • Volume GW
      • stored volumes = your primary data is stored locally and your entire dataset is available for low-latency access while asynchronously backed up to AWS
      • cached volumes = your primary data is written to S3, while retaining your frequently accessed data locally in a cache for low-latency access
    • Tape GW?
  • S3 signed cookies & signed URLs = for users who do not have cookie support or are unable to change hardcoded URLs

  • Compute Savings Plan vs EC2 Instance Savings Plan

    • EC2 Instance Savings Plan = EC2 only & instance family committed
  • S3 Storage Lens

    • Identify S3 buckets that are no longer being accessed or are rarely accessed
    • Identify whether versioning is enabled
  • S3 Inventory Report = List of unencrypted objects

  • SQS FIFO vs SQS

    • FIFO = more expensive, guarantees processing exactly once
    • Standard = at least once
  • FSx

    • Amazon FSx for Lustre = SMB
    • Amazon FSx for OpenZFS = NFS
    • Amazon FSx for NetApp ONTAP = NFS, SMB, iSCSI
  • Lambda reserved concurrency vs provisioned concurrency

    • reserved concurrency?
    • provisioned concurrency
    • SnapStart for Java can improve startup performance for latency-sensitive applications by up to 10x at no extra cost
  • Direct Connect vs VPN vs PrivateLink?

    • PrivateLink with a VPC endpoint allows connecting services across different accounts and VPCs
  • GW VPC Endpoint vs Interface VPC Endpoint

    • GW Endpoint = for S3 and DDB; doesn't allow access from on-prem, peered VPCs in other Regions, or TGW
  • Kinesis Firehose vs Streams

  • io vs gp

    • gp2 vs gp3 = gp3 is cheaper and better
    • io1/2 supports Multi-Attach
  • Global, Reduce latency, health checks, no failover = Amazon CloudFront

  • Global, Reduce latency, health checks, failover, Route traffic = Amazon Route 53

  • Use Workload Discovery on AWS to generate architecture diagrams of the workloads

  • Transfer Family supports AS2

  • Amazon S3 Glacier:

    • Expedited Retrieval: Provides access to data within 1-5 minutes.
    • Standard Retrieval: Provides access to data within 3-5 hours.
    • Bulk Retrieval: Provides access to data within 5-12 hours.
  • Amazon S3 Glacier Deep Archive:

    • Standard Retrieval: Provides access to data within 12 hours.
    • Bulk Retrieval: Provides access to data within 48 hours.
  • X-Ray = trace the requests between the microservices