SAA-C02 Technical Points Summary

Author: 涣涣虚心0215 | Published 2021-05-24 15:48, 0 reads

EFS

Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth.
Amazon EFS is designed to provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS with consistent low latencies.
Amazon EFS is well suited to support a broad spectrum of use cases from home directories to business-critical applications. Customers can use EFS to lift-and-shift existing enterprise applications to the AWS Cloud. Other use cases include: big data analytics, web serving and content management, application development and testing, media and entertainment workflows, database backups, and container storage.
Amazon EFS is a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability. Amazon EC2 instances can access your file system across AZs, regions, and VPCs, while on-premises servers can access using AWS Direct Connect or AWS VPN.

RDS

Amazon RDS Read Replicas enable you to create one or more read-only copies of your database instance within the same AWS Region or in a different AWS Region.
Amazon RDS Multi-AZ: with Multi-AZ, your data is synchronously replicated to a standby in a different Availability Zone (AZ) of the same Region. In the event of an infrastructure failure, Amazon RDS performs an automatic failover to the standby, minimizing disruption to your applications.
The Multi-AZ standby cannot serve read requests. When failing over, Amazon RDS simply flips the canonical name record (CNAME) for your DB instance to point at the standby, which is in turn promoted to become the new primary.
You can also combine Read Replicas with Multi-AZ for your database engine upgrade process. You can create a Read Replica of your production database instance and upgrade it to a new database engine version. When the upgrade is complete, you can stop applications, promote the Read Replica to a standalone database instance, and switch over your applications. Since the database instance is already a Multi-AZ deployment, no additional steps are needed.
Transparent Data Encryption in Oracle is integrated with AWS CloudHSM, which allows you to securely generate, store, and manage your cryptographic keys in single-tenant Hardware Security Module (HSM) appliances within the AWS cloud.
Amazon RDS magnetic storage is useful for small database workloads where data is accessed less frequently (for RDS Oracle and SQL Server).
Amazon RDS DB snapshots and automated backups are stored in S3. Automated backups are deleted when the DB instance is deleted; only manually created DB snapshots are retained after the DB instance is deleted.

EC2 instance store

An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.
If an instance reboots (intentionally or unintentionally), data in the instance store persists.


EBS

Use Amazon EBS for data that must be quickly accessible and requires long-term persistence.
You create an EBS volume in a specific Availability Zone, and then attach it to an instance in that same Availability Zone. To make a volume available outside of the Availability Zone, you can create a snapshot and restore that snapshot to a new volume anywhere in that Region.


Global Accelerator

Endpoints in AWS Global Accelerator can be Network Load Balancers, Application Load Balancers, Amazon EC2 instances, or Elastic IP addresses. A static IP address serves as a single point of contact for clients, and Global Accelerator then distributes incoming traffic across healthy endpoints. Global Accelerator directs traffic to endpoints by using the port (or port range) that you specify for the listener that the endpoint group for the endpoint belongs to.
Each endpoint group can have multiple endpoints. You can add each endpoint to multiple endpoint groups, but the endpoint groups must be associated with different listeners.
Global Accelerator continually monitors the health of all endpoints that are included in an endpoint group. It routes traffic only to the active endpoints that are healthy. If Global Accelerator doesn't have any healthy endpoints to route traffic to, it routes traffic to all endpoints.
ELB provides load balancing within one Region; AWS Global Accelerator provides traffic management across multiple Regions.

How is AWS Global Accelerator different from Amazon CloudFront(CDN)?
A: AWS Global Accelerator and Amazon CloudFront are separate services that use the AWS global network and its edge locations around the world.
CloudFront improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery).
Global Accelerator improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge to applications running in one or more AWS Regions.
Global Accelerator is a good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or Voice over IP, as well as for HTTP use cases that specifically require static IP addresses or deterministic, fast regional failover. Both services integrate with AWS Shield for DDoS protection.

Amazon FSx

Amazon FSx for Windows File Server offers the lowest-cost file storage in the cloud for Windows applications and workloads, and integrates with your on-premises Microsoft Active Directory (AD) as well as with AWS Managed Microsoft AD.
Amazon FSx for Lustre file systems can also be linked to Amazon S3 buckets, allowing you to access and process data concurrently from both a high-performance file system and from the S3 API.

VPC endpoint

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
A gateway endpoint is a gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service (S3 and DynamoDB).

Restore Aurora and RDS

Restore Aurora:
If you use Amazon Aurora, you can restore an unencrypted Aurora DB cluster snapshot to an encrypted Aurora DB cluster if you specify an AWS Key Management Service (AWS KMS) encryption key when you restore from the unencrypted DB cluster snapshot.
Restore RDS:
Take a Snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot.
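The three-step RDS procedure above, driven from code. This is an added example and not code from the original post or from AWS: it calls the boto3 RDS client methods create_db_snapshot, copy_db_snapshot (where KmsKeyId is what applies the encryption), restore_db_instance_from_db_snapshot, describe_db_instances and get_waiter on whatever client object it is given. The FakeRds class is a constructed stand-in that tracks encryption state so the flow runs offline; in real use pass boto3.client("rds") instead. The instance identifiers and the KMS key ARN are placeholders.

```python
"""Encrypt an existing unencrypted RDS instance: snapshot -> encrypted copy -> restore."""


def encrypt_rds_instance(rds, source_id: str, target_id: str, kms_key_id: str) -> dict:
    """Run the procedure against an RDS client and return the new instance description."""
    snap_id = f"{source_id}-plain"
    enc_snap_id = f"{source_id}-encrypted"

    # Step 1: snapshot the unencrypted instance; the snapshot inherits its encryption state.
    rds.create_db_snapshot(DBInstanceIdentifier=source_id, DBSnapshotIdentifier=snap_id)
    rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=snap_id)

    # Step 2: the copy is where encryption is applied (KmsKeyId); encryption cannot be
    # switched on in place on the running instance.
    rds.copy_db_snapshot(SourceDBSnapshotIdentifier=snap_id,
                         TargetDBSnapshotIdentifier=enc_snap_id,
                         KmsKeyId=kms_key_id)
    rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=enc_snap_id)

    # Step 3: restore a new instance from the encrypted snapshot; repoint applications
    # to target_id afterwards.
    rds.restore_db_instance_from_db_snapshot(DBInstanceIdentifier=target_id,
                                             DBSnapshotIdentifier=enc_snap_id)
    rds.get_waiter("db_instance_available").wait(DBInstanceIdentifier=target_id)

    desc = rds.describe_db_instances(DBInstanceIdentifier=target_id)["DBInstances"][0]
    if not desc["StorageEncrypted"]:
        raise RuntimeError("restored instance is not encrypted; check KmsKeyId on the copy step")
    return desc


class FakeRds:
    """Constructed in-memory stand-in for the boto3 RDS client (not the real API).

    It models the one rule that matters here: snapshots and restored instances
    carry the encryption state of what they were made from, and a copy with
    KmsKeyId becomes encrypted.
    """

    def __init__(self):
        self.instances = {"prod-db": {"StorageEncrypted": False, "KmsKeyId": None}}
        self.snapshots = {}
        self.calls = []

    def create_db_snapshot(self, DBInstanceIdentifier, DBSnapshotIdentifier):
        self.calls.append("create_db_snapshot")
        self.snapshots[DBSnapshotIdentifier] = dict(self.instances[DBInstanceIdentifier])

    def copy_db_snapshot(self, SourceDBSnapshotIdentifier, TargetDBSnapshotIdentifier, KmsKeyId=None):
        self.calls.append("copy_db_snapshot")
        state = dict(self.snapshots[SourceDBSnapshotIdentifier])
        if KmsKeyId:
            state = {"StorageEncrypted": True, "KmsKeyId": KmsKeyId}
        self.snapshots[TargetDBSnapshotIdentifier] = state

    def restore_db_instance_from_db_snapshot(self, DBInstanceIdentifier, DBSnapshotIdentifier):
        self.calls.append("restore_db_instance_from_db_snapshot")
        self.instances[DBInstanceIdentifier] = dict(self.snapshots[DBSnapshotIdentifier])

    def describe_db_instances(self, DBInstanceIdentifier):
        return {"DBInstances": [dict(self.instances[DBInstanceIdentifier],
                                     DBInstanceIdentifier=DBInstanceIdentifier)]}

    def get_waiter(self, name):
        class _Immediate:
            def wait(self, **kwargs):  # the fake is synchronous, so nothing to wait for
                return None
        return _Immediate()


def run_demo():
    """Run the procedure against the fake client; returns (client, new instance description)."""
    rds = FakeRds()
    desc = encrypt_rds_instance(rds, "prod-db", "prod-db-encrypted",
                                "arn:aws:kms:us-east-1:123456789012:key/PLACEHOLDER")
    return rds, desc


if __name__ == "__main__":
    client, new_instance = run_demo()
    print(client.calls)
    print(new_instance)
```

The original snapshot stays unencrypted, which is why the copy step, not the restore step, is where the key is supplied; a practitioner would also delete the plain snapshot once the encrypted instance is verified.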

Route53 routing policy

Simple routing policy – Use for a single resource that performs a given function for your domain, for example, a web server that serves content for the example.com website.
Failover routing policy – Use when you want to configure active-passive failover.
Geolocation routing policy – Use when you want to route traffic based on the location of your users.
Geoproximity routing policy – Use when you want to route traffic based on the location of your resources and, optionally, shift traffic from resources in one location to resources in another.
Latency routing policy – Use when you have resources in multiple AWS Regions and you want to route traffic to the region that provides the best latency.
Multivalue answer routing policy – Use when you want Route 53 to respond to DNS queries with up to eight healthy records selected at random.
Weighted routing policy – Use to route traffic to multiple resources in proportions that you specify.

AWS WAF vs AWS Shield vs SCPs

AWS WAF is a firewall that protects your applications by allowing or blocking specific access, and also by stopping common attack patterns.
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.
SCPs(Service Control Policy) offer central access controls for all IAM entities in your accounts. You can use them to enforce the permissions you want everyone in your business to follow. Using SCPs, you can give your developers more freedom to manage their own permissions because you know they can only operate within the boundaries you define.

Security group vs Network ACLs

A security group is a virtual firewall designed to protect AWS instances. It sits in front of designated instances and can be applied to EC2, Elastic Load Balancing (ELB) and Amazon Relational Database Service, among others.
Network ACLs differ from security groups in several ways. First, network ACLs do not protect individual instances; they cover entire subnets. Network ACLs provide wide net protection that can encompass lots of resources at the same time. They are stateless and require you to clearly and properly define rules for both inbound and outbound traffic; otherwise, you might have connection issues within your environment.

What are the differences between security groups in a VPC and network ACLs in a VPC?
Security groups in a VPC specify which traffic is allowed to or from an Amazon EC2 instance. Network ACLs operate at the subnet level and evaluate traffic entering and exiting a subnet. Network ACLs can be used to set both Allow and Deny rules. Network ACLs do not filter traffic between instances in the same subnet. In addition, network ACLs perform stateless filtering while security groups perform stateful filtering.
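To make the stateful/stateless distinction concrete, here is an added illustration (not AWS code, and not from the original post) that models a security group and a network ACL in plain Python and runs the same packets through both: a request to port 443 and its reply on an ephemeral port. The addresses, rules and packets are constructed sample data, and the model is deliberately minimal (destination-port rules only, a single CIDR per rule).

```python
"""Stateful security group vs stateless network ACL, modelled in Python."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = toward the protected instance/subnet, "out" = leaving it
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str
    cidr: str              # remote CIDR: packet source for "in", destination for "out"
    port_lo: int
    port_hi: int           # destination-port range the rule covers
    action: str = "allow"  # network ACL rules may also be "deny"
    number: int = 0        # network ACL rule number; lowest is evaluated first

    def matches(self, p: Packet) -> bool:
        remote_ip = p.src_ip if self.direction == "in" else p.dst_ip
        return (self.direction == p.direction
                and self.proto == p.proto
                and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.cidr, strict=False)
                and self.port_lo <= p.dst_port <= self.port_hi)


class SecurityGroup:
    """Stateful: allow rules only, unordered; replies to an allowed flow pass automatically."""

    def __init__(self, rules):
        self.rules = rules
        self._flows = set()  # tracked 5-tuples of allowed connections

    def evaluate(self, p: Packet) -> str:
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if reverse in self._flows:          # reply to a tracked flow
            return "allow"
        if any(r.matches(p) for r in self.rules):
            self._flows.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
            return "allow"
        return "deny"                       # implicit deny; there are no explicit deny rules


class NetworkAcl:
    """Stateless: numbered allow/deny rules, first match wins, implicit deny at the end.
    Every packet, replies included, must match an explicit rule in its own direction."""

    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def evaluate(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"


def demo():
    """Run a request, its reply and a request from a blocked range through each filter."""
    client, server = "203.0.113.10", "10.0.1.5"   # constructed sample addresses
    request = Packet("in", "tcp", client, 51000, server, 443)
    reply = Packet("out", "tcp", server, 443, client, 51000)
    blocked_request = Packet("in", "tcp", "198.51.100.7", 40000, server, 443)

    sg = SecurityGroup([Rule("in", "tcp", "0.0.0.0/0", 443, 443)])
    # Inbound-only ACL: the reply on the ephemeral port has no outbound rule to match.
    incomplete_acl = NetworkAcl([Rule("in", "tcp", "0.0.0.0/0", 443, 443, number=100)])
    # Complete ACL: explicit outbound ephemeral-port rule, plus a deny a security group cannot express.
    complete_acl = NetworkAcl([
        Rule("in", "tcp", "198.51.100.0/24", 443, 443, action="deny", number=50),
        Rule("in", "tcp", "0.0.0.0/0", 443, 443, number=100),
        Rule("out", "tcp", "0.0.0.0/0", 1024, 65535, number=100),
    ])
    return {
        "sg": (sg.evaluate(request), sg.evaluate(reply), sg.evaluate(blocked_request)),
        "incomplete_acl": (incomplete_acl.evaluate(request), incomplete_acl.evaluate(reply)),
        "complete_acl": (complete_acl.evaluate(request), complete_acl.evaluate(reply),
                         complete_acl.evaluate(blocked_request)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The incomplete ACL is the "connection issues within your environment" case from the text: the request is allowed in but the reply is dropped because nothing permits outbound traffic to the client's ephemeral port. The security group needs no such rule, but it also cannot block the 198.51.100.0/24 range once 0.0.0.0/0 is allowed, which is what the network ACL's Deny rule is for.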

AWS Storage Gateway

Amazon S3 File Gateway: a file interface to Amazon S3, accessible via NFS or SMB. The files are stored as S3 objects, allowing you to make use of specialized S3 features such as lifecycle management and cross-region replication. You can trigger AWS Lambda functions, run Amazon Athena queries, and use Amazon Macie to discover and classify sensitive data.
Amazon FSx File Gateway enables you to store and retrieve files in Amazon FSx for Windows File Server using the SMB protocol. Files written through Amazon FSx File Gateway are directly accessible in Amazon FSx for Windows File Server.
Amazon Volume Gateway provides block storage to your on-premises applications using iSCSI connectivity. Data on the volumes is stored in Amazon S3, and you can take point-in-time copies of volumes, which are stored in AWS as Amazon EBS snapshots.
Amazon Tape Gateway provides your backup application with an iSCSI virtual tape library (VTL) interface, consisting of a virtual media changer, virtual tape drives, and virtual tapes.

When do I use AWS DataSync and when do I use AWS Storage Gateway?
Use AWS DataSync to migrate existing data to Amazon S3, and subsequently use the File Gateway configuration of AWS Storage Gateway to retain access to the migrated data and for ongoing updates from your on-premises file-based applications.
You can use a combination of DataSync and File Gateway to minimize your on-premises infrastructure while seamlessly connecting on-premises applications to your cloud storage. AWS DataSync enables you to automate and accelerate online data transfers to AWS Storage services. After the initial data transfer phase using AWS DataSync, File Gateway provides your on-premises applications with low latency access to the migrated data. When using DataSync with NFS shares, POSIX metadata from your source on-premises storage is preserved, and permissions from the source storage apply when accessing your files using File Gateway.

RAM (AWS Resource Access Manager connection)

Configure an AWS Resource Access Manager connection between the two accounts. Access the API using the private address.
RAM: share resources across different AWS accounts.

SLA

Redshift: SLA of three nines (99.9%).
RDS with Multi-AZ: three and a half nines (99.95%).
A single EC2 instance: just one nine (90%).
Aurora Multi-Master: availability SLA of four nines (99.99%).

Launch templates

Defining a launch template instead of a launch configuration allows you to have multiple versions of a template. With versioning, you can create a subset of the full set of parameters and then reuse it to create other templates or template versions. For example, you can create a default template that defines common configuration parameters and allow the other parameters to be specified as part of another version of the same template.
AWS strongly recommends that you do not use launch configurations: they do not provide the full functionality of Amazon EC2 Auto Scaling or Amazon EC2.

VPC traffic mirroring

The traffic mirroring feature copies network traffic from Elastic Network Interfaces (ENIs) of EC2 instances in your Amazon VPC. The mirrored traffic can be sent to another EC2 instance or to an NLB with a UDP listener. Traffic mirroring encapsulates all copied traffic with VXLAN headers. The mirror source and destination (monitoring appliances) can be in the same VPC or in a different VPC, connected via VPC peering or AWS Transit Gateway.

Load Balancer

NLB: for network/transport protocol (layer 4: TCP, UDP) load balancing, and for extreme performance/low-latency applications, use Network Load Balancer.
CLB: if your application is built within the EC2-Classic network, use Classic Load Balancer.
ALB: layer 7; supported routing conditions are host header, path, HTTP headers, HTTP methods, query parameters, and source IP CIDRs.

Egress-Only Internet Gateway

An Egress-Only Internet Gateway is primarily used for VPCs that use IPv6, to enable instances in a private subnet to connect to the Internet or other AWS services while preventing the Internet from initiating a connection with those instances.

Placement Groups

Cluster placement group packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly-coupled node-to-node communication that is typical of HPC applications.
Partition placement group spreads your instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions. This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra, and Kafka.
Spread placement groups are recommended for applications that have a small number of critical instances that should be kept separate from each other. Launching instances in a spread placement group reduces the risk of simultaneous failures that might occur when instances share the same racks.

Enhanced networking

Enhanced networking (ENA) provides higher bandwidth, higher packet per second (PPS) performance, and consistently lower inter-instance latencies. There is no additional charge for using enhanced networking.

AWS CloudTrail

AWS CloudTrail increases visibility into your user and resource activity by recording AWS Management Console actions and API calls. You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred.
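The "which users, from which source IP, and when" questions above are answered by reading the fields CloudTrail writes into each record. The following is an added example, not code from the original post or from AWS: it parses a constructed CloudTrail log file (the `{"Records": [...]}` shape CloudTrail delivers to S3), summarizes calls per actor and source address, and flags two things a reviewer looks for first: console logins recorded without MFA and API calls from outside an assumed trusted range. The records, account id and the trusted CIDR are all constructed sample values.

```python
"""Summarize and triage CloudTrail records: who called what, from where, when."""
import ipaddress
import json
from collections import Counter

# Assumed corporate address range used for the "untrusted source" check.
TRUSTED_CIDRS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample log file in CloudTrail's delivered shape (not real events).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2021-05-24T07:48:02Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "203.0.113.21",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "111111111111"}},
    {"eventTime": "2021-05-24T07:50:15Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob", "accountId": "111111111111"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2021-05-24T07:51:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob", "accountId": "111111111111"}},
    {"eventTime": "2021-05-24T08:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "ec2.amazonaws.com",
     "userIdentity": {"type": "AssumedRole", "accountId": "111111111111",
                      "arn": "arn:aws:sts::111111111111:assumed-role/AppRole/i-0abc"}},
]})


def parse_records(log_text: str) -> list:
    """Return the list of event records from a CloudTrail log-file document."""
    return json.loads(log_text)["Records"]


def actor(record: dict) -> str:
    """Best available name for the caller: IAM user name, else the STS/role ARN, else the type."""
    ident = record["userIdentity"]
    return ident.get("userName") or ident.get("arn") or ident.get("type")


def activity_by_actor(records: list) -> Counter:
    """Count calls per (actor, sourceIPAddress) pair."""
    return Counter((actor(r), r["sourceIPAddress"]) for r in records)


def is_trusted_source(source: str) -> bool:
    """True for addresses inside TRUSTED_CIDRS. Calls made on a user's behalf by an AWS
    service carry a DNS name (for example ec2.amazonaws.com) rather than an IP; those are
    not flagged by this check."""
    try:
        ip = ipaddress.ip_address(source)
    except ValueError:
        return True
    return any(ip in net for net in TRUSTED_CIDRS)


def findings(records: list) -> list:
    """Human-readable findings: console logins without MFA, and calls from untrusted addresses."""
    out = []
    for r in records:
        who, when, src = actor(r), r["eventTime"], r["sourceIPAddress"]
        mfa = r.get("additionalEventData", {}).get("MFAUsed")
        if r["eventName"] == "ConsoleLogin" and mfa != "Yes":
            out.append(f"{when} console login without MFA by {who} from {src}")
        if not is_trusted_source(src):
            out.append(f"{when} {r['eventName']} by {who} from untrusted address {src}")
    return out


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for (who, src), n in activity_by_actor(recs).most_common():
        print(f"{n:3d}  {who:<60} {src}")
    for line in findings(recs):
        print("FINDING:", line)
```

On the sample data the summary attributes two calls to bob from 198.51.100.9, and the triage produces three findings: bob's login without MFA, and both of his calls from the untrusted address. In practice the records would be read from the gzipped objects CloudTrail delivers to S3 or queried through Athena rather than from an inline string.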

Aurora

With an Amazon Aurora Replica in the same or a different Availability Zone, when failing over Amazon Aurora flips the canonical name record (CNAME) for your DB instance to point at the healthy replica, which in turn is promoted to become the new primary. Start-to-finish, failover typically completes within 30 seconds.
With Aurora Serverless, if the DB instance or AZ becomes unavailable, Aurora will automatically recreate the DB instance in a different AZ.
A single-instance Aurora cluster will attempt to create a new DB instance in the same Availability Zone as the original instance.

Termination policy

With the default termination policy, the behavior of the Auto Scaling group is as follows:

  1. If there are instances in multiple Availability Zones, choose the Availability Zone with the most instances and at least one instance that is not protected from scale in. If there is more than one Availability Zone with this number of instances, choose the Availability Zone with the instances that use the oldest launch configuration.
  2. Determine which unprotected instances in the selected Availability Zone use the oldest launch configuration. If there is one such instance, terminate it.
  3. If there are multiple instances to terminate based on the above criteria, determine which unprotected instances are closest to the next billing hour. (This helps you maximize the use of your EC2 instances and manage your Amazon EC2 usage costs.) If there is one such instance, terminate it.
  4. If there is more than one unprotected instance closest to the next billing hour, choose one of these instances at random.
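The four steps above as a selection function, written here as an added example rather than taken from the original post or from AWS. The instances are constructed sample data: `launch_config_created` stands in for the age of the launch configuration (smaller is older) and `secs_to_next_billing_hour` for closeness to the next billing hour. One reading is our own and marked in the code: the step 1 tie-break compares the launch configurations of each zone's unprotected instances.

```python
"""Default Auto Scaling termination policy, modelled on the four steps."""
import random
from dataclasses import dataclass


@dataclass
class Instance:
    instance_id: str
    az: str
    launch_config_created: int     # epoch seconds; smaller = older launch configuration
    secs_to_next_billing_hour: int  # smaller = closer to the next billing hour
    protected: bool = False         # instance scale-in protection


def choose_instance_to_terminate(instances, rng=random):
    """Return the Instance the default policy would terminate, or None if all are protected."""
    if not any(not i.protected for i in instances):
        return None

    by_az = {}
    for i in instances:
        by_az.setdefault(i.az, []).append(i)

    # Step 1: the AZ with the most instances that still has an unprotected instance.
    # Tie-break (our reading): the AZ whose unprotected instances use the oldest launch config.
    eligible = [az for az in by_az if any(not i.protected for i in by_az[az])]
    most = max(len(by_az[az]) for az in eligible)
    tied_azs = [az for az in eligible if len(by_az[az]) == most]
    az = min(tied_azs, key=lambda a: min(i.launch_config_created
                                         for i in by_az[a] if not i.protected))

    # Step 2: unprotected instances in that AZ with the oldest launch configuration.
    candidates = [i for i in by_az[az] if not i.protected]
    oldest = min(i.launch_config_created for i in candidates)
    candidates = [i for i in candidates if i.launch_config_created == oldest]
    if len(candidates) == 1:
        return candidates[0]

    # Step 3: among those, the instance(s) closest to the next billing hour.
    closest = min(i.secs_to_next_billing_hour for i in candidates)
    candidates = [i for i in candidates if i.secs_to_next_billing_hour == closest]
    if len(candidates) == 1:
        return candidates[0]

    # Step 4: still tied, pick at random.
    return rng.choice(candidates)


# Constructed sample groups.
SAMPLE_GROUP = [
    Instance("i-aaa", "us-east-1a", launch_config_created=1000, secs_to_next_billing_hour=900),
    Instance("i-bbb", "us-east-1a", launch_config_created=2000, secs_to_next_billing_hour=100),
    Instance("i-ccc", "us-east-1a", launch_config_created=1000, secs_to_next_billing_hour=300,
             protected=True),   # oldest config, but protected from scale-in
    Instance("i-ddd", "us-east-1b", launch_config_created=1000, secs_to_next_billing_hour=50),
    Instance("i-eee", "us-east-1b", launch_config_created=1000, secs_to_next_billing_hour=50),
]

TIED_GROUP = [  # two AZs with two instances each; decided by launch config, then billing hour
    Instance("i-111", "us-east-1a", 2000, 500),
    Instance("i-222", "us-east-1a", 2000, 500),
    Instance("i-333", "us-east-1b", 1000, 800),
    Instance("i-444", "us-east-1b", 1000, 120),
]


if __name__ == "__main__":
    print(choose_instance_to_terminate(SAMPLE_GROUP).instance_id)  # i-aaa
    print(choose_instance_to_terminate(TIED_GROUP).instance_id)    # i-444
```

In SAMPLE_GROUP, us-east-1a wins step 1 on count alone; i-ccc has the oldest configuration but is protected, so step 2 leaves only i-aaa. In TIED_GROUP the zones tie on count, us-east-1b wins on the older launch configuration, its two instances tie again, and step 3 picks i-444 as the one closest to the next billing hour.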

S3

S3 requires that objects be stored for at least 30 days in the current storage class before you can transition them to STANDARD_IA or ONEZONE_IA.

AWS OpsWorks

AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet.

AWS logs

Use AWS X-Ray to trace and analyze user requests as they travel through your Amazon API Gateway APIs to the underlying services.
VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your entire VPC.
CloudTrail is primarily used for IT audits and API logging of all your AWS resources (CloudTrail provides visibility into user activity by recording actions taken on your account).
CloudWatch is a monitoring and management service.

AWS Step Functions vs SWF

AWS Step Functions is a serverless function orchestrator that makes it easy to sequence AWS Lambda functions and multiple AWS services into business-critical applications.
SWF is a fully managed state tracker and task coordinator service.

AWS bigdata

Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information.
Redshift Spectrum is primarily used to directly query open data formats stored in Amazon S3 without the need for unnecessary data movement, which enables you to analyze data across your data warehouse and data lake, together, with a single service.
AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics.
Amazon EMR with Compute Optimized Instances is a web service that uses an open-source Hadoop framework to quickly and cost-effectively process vast amounts of data.

EFA vs ENA

Elastic Fabric Adapter (EFA) is a network device that you can attach to your Amazon EC2 instance to accelerate High Performance Computing (HPC) and machine learning applications.
Elastic Network Adapters (ENAs) provide traditional IP networking features that are required to support VPC networking. EFAs provide all the same traditional IP networking features as ENAs, and they also support OS-bypass capabilities.
Attaching an Elastic Network Adapter (ENA) on each Amazon EC2 instance to accelerate High Performance Computing (HPC) is incorrect, because an Elastic Network Adapter (ENA) doesn't have OS-bypass capabilities, unlike EFA.

Amazon Athena

Amazon Athena is an interactive query service that makes it easy to analyze data directly in Amazon Simple Storage Service (Amazon S3) using standard SQL.

AWS Config

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

AWS CloudFormation

AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS.

AWS Directory Service

AWS Directory Service provides multiple ways to use Amazon Cloud Directory and Microsoft Active Directory (AD) with other AWS services. Directories store information about users, groups, and devices, and administrators use them to manage access to information and resources.

Elastic Beanstalk

Elastic Beanstalk lets you deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications.

AWS Security Token Service (AWS STS)

AWS Security Token Service (AWS STS) is the service that you can use to create and provide trusted users with temporary security credentials that can control access to your AWS resources.

Trusted Advisor

Trusted Advisor helps optimize your AWS infrastructure, improve security and performance, reduce the overall costs, and monitor service limits.

AWS Budgets

AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.

ENI

An ENI can be attached to an EC2 instance:

  • When it's running (hot attach)
  • When it's stopped (warm attach)
  • When the instance is being launched (cold attach)

Instance store

Data in the instance store is lost under any of the following circumstances:

  • The underlying disk drive fails
  • The instance stops
  • The instance hibernates
  • The instance terminates
    Remember: a reboot does not lose instance store data.
