AWS SAA-C03 Notes
-
S3 Transfer Acceleration = a way to increase transfer speed by transferring via Edge Locations
-
PrincipalOrgID = allows access only to AWS Organization member accounts, for resource policies
-
Secrets Manager vs Parameter Store
- Secrets Manager = Auto Rotation
-
CloudFront vs Global Accelerator (both support Shield for DDoS)
- CloudFront = CDN for fast static content delivery, dynamic content (API acceleration)
- Origin = S3, ALB, EC2, HTTP backend
- Global Accelerator = Best routing by using Edge Locations
- TCP/UDP, MQTT(IoT), VoIP, HTTP with static IP address
- Provides static IP
-
Network Firewall = provides filtering for both inbound and outbound network traffic
-
GLB = L3 (IP Packets)
-
EBS Fast Snapshot Restore (FSR) = no latency on first use
-
SSO + MSAD = two-way forest trust AWS Directory Service for MSAD
-
AWS Config rules = to check resources that are not properly tagged
-
AWS Shield Advanced = ELB, CF, GA, R53
-
DR RPO/RTO order
-
DDB PITR vs AWS Backup
- PITR = recover table to any point in time in a rolling 35 day window
- Backup = for long-term archiving and retention
-
Glue Job Bookmarks = prevent re-processing old data
-
S3 Legal Hold
- Protect the object indefinitely, independent from the retention period
- Can be freely placed and removed using the s3:PutObjectLegalHold IAM permission
-
Control Tower & SCPs can prevent VPCs from having access to Internet
-
CloudFront field-level encryption = allows you to protect sensitive information throughout the application stack
-
Storage Gateway = iSCSI
- S3 File GW = extend storage space by leveraging Amazon S3, supports SMB
- FSx File GW?
- Volume GW
- stored volumes = your primary data is stored locally and your entire dataset is available for low-latency access while asynchronously backed up to AWS
- cached volumes = your primary data is written to S3, while retaining your frequently accessed data locally in a cache for low-latency access
- Tape GW?
-
S3 signed cookies & signed URLs = for those who do not have cookie support or are unable to change hardcoded URLs
-
Compute Savings Plan vs EC2 Instance Savings Plan
- EC2 Instance Savings Plan = EC2 only & instance family committed
-
S3 Storage Lens
- Identify S3 buckets that are no longer being accessed or are rarely accessed
- Identify versioning enabled
-
S3 Inventory Report = List of unencrypted objects
-
SQS FIFO vs SQS
- FIFO = more expensive, guarantees processing exactly once
- Standard = at least once
-
FSx
- Amazon FSx for Lustre = SMB
- Amazon FSx for OpenZFS = NFS
- Amazon FSx for NetApp ONTAP = NFS, SMB, iSCSI
-
Lambda reserved concurrency vs provisioned concurrency
- reserved concurrency?
- provisioned concurrency
- SnapStart for Java can improve startup performance for latency-sensitive applications by up to 10x at no extra cost
-
Direct Connect vs VPN vs PrivateLink?
- PrivateLink with a VPC endpoint allows connecting services across different accounts and VPCs
-
GW VPC Endpoint vs Interface VPC Endpoint
- GW Endpoint = for S3 and DDB, doesn’t allow access from on-prem, peered VPCs in other Regions, or TGW
-
Kinesis Firehose vs Streams
-
io vs gp
- gp2 vs gp3 = gp3 is cheaper and better
- io1/2 supports Multi-Attach
-
Global, Reduce latency, health checks, no failover = Amazon CloudFront
-
Global, Reduce latency, health checks, failover, Route traffic = Amazon Route 53
-
Use Workload Discovery on AWS to generate architecture diagrams of the workloads
-
Transfer Family supports AS2
-
Amazon S3 Glacier:
- Expedited Retrieval: Provides access to data within 1-5 minutes.
- Standard Retrieval: Provides access to data within 3-5 hours.
- Bulk Retrieval: Provides access to data within 5-12 hours.
-
Amazon S3 Glacier Deep Archive:
- Standard Retrieval: Provides access to data within 12 hours.
- Bulk Retrieval: Provides access to data within 48 hours.
-
X-Ray = trace the requests between the microservices