AWS Solutions Architect Associate - Coggle Diagram
AWS Solutions Architect Associate
Edge Services
CloudFront
Accelerate both cacheable and dynamic content
Global Accelerator
Proxies TCP/UDP packets at edge locations onto the AWS backbone, so it works for non-HTTP traffic (gaming, IoT, VoIP) as well as HTTP; exposes two static anycast IPs
Security
AWS Network Firewall
Protect the entire VPC
Gateway Load Balancer under the hood
SSM
Run Command executes scripts across a fleet without SSH; Patch Manager applies patch baselines to EC2s
Session Manager
Connect to EC2 without SSH keys or a bastion host (needs the SSM agent and an instance role)
Port 22 stays closed; access is controlled by IAM and sessions can be logged to CloudWatch Logs/S3
IAM
PRAE
Credential Report (account-level)
IAM Access Advisor (user-level)
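The Credential Report is account-wide; the audit a practitioner actually runs on it is checking for console users (and root) without MFA and for access keys that are old or no longer used. The following is an added example, not part of the original notes: it parses a constructed sample laid out with the report's real column names and applies those checks. The fixed "now", the 90-day threshold, the users and the account id are assumptions; in real use fetch the report with `aws iam get-credential-report`, base64-decode it, and use the current time.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the shape of the CSV returned (base64-encoded) by
# `aws iam get-credential-report`. Column names are the real ones; the
# users, ARNs, account id and timestamps are made up.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T09:00:00+00:00,not_supported,not_supported,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2021-03-10T00:00:00+00:00,true,2024-05-20T08:00:00+00:00,2024-01-15T00:00:00+00:00,2024-04-14T00:00:00+00:00,true,true,2024-03-01T00:00:00+00:00,2024-05-19T00:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2021-03-10T00:00:00+00:00,true,2023-11-02T08:00:00+00:00,2023-06-01T00:00:00+00:00,2023-08-30T00:00:00+00:00,false,true,2022-01-01T00:00:00+00:00,2023-02-01T00:00:00+00:00,eu-west-1,ec2,true,2023-12-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,false,N/A
svc-ci,arn:aws:iam::111122223333:user/svc-ci,2022-07-01T00:00:00+00:00,false,no_information,N/A,N/A,false,true,2024-05-01T00:00:00+00:00,2024-05-21T00:00:00+00:00,us-east-1,sts,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

# Fixed "now" so the example is deterministic (assumption; real code uses datetime.now(timezone.utc)).
NOW = datetime(2024, 5, 22, tzinfo=timezone.utc)
MAX_KEY_AGE_DAYS = 90  # assumed rotation/idle threshold


def parse_report(text):
    """Parse the credential report CSV into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def _age_days(stamp, now):
    """Days since an ISO-8601 timestamp; None for N/A / no_information / not_supported."""
    if stamp in ("N/A", "no_information", "not_supported"):
        return None
    return (now - datetime.fromisoformat(stamp)).days


def find_issues(rows, now=NOW, max_age=MAX_KEY_AGE_DAYS):
    """Return (user, issue) tuples for the standard credential-report checks."""
    issues = []
    for row in rows:
        user = row["user"]
        # Console access (or the root user) without MFA.
        if row["mfa_active"] != "true" and (
            row["password_enabled"] == "true" or user == "<root_account>"
        ):
            issues.append((user, "no MFA"))
        # Each of the two possible access keys: rotation age and idle time.
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            age = _age_days(row[f"access_key_{n}_last_rotated"], now)
            if age is not None and age > max_age:
                issues.append((user, f"access key {n} older than {max_age} days"))
            idle = _age_days(row[f"access_key_{n}_last_used_date"], now)
            if idle is None:
                issues.append((user, f"access key {n} active but never used"))
            elif idle > max_age:
                issues.append((user, f"access key {n} unused for more than {max_age} days"))
    return issues


if __name__ == "__main__":
    for user, issue in find_issues(parse_report(SAMPLE_REPORT)):
        print(f"{user}: {issue}")
```

On the sample, root and bob are flagged (root for missing MFA; bob for missing MFA, a two-year-old key that has not been used in over a year, and a second key that was created but never used); alice and the service user are clean. The password fields for root read `not_supported`, which is why the MFA check keys on the user name rather than on `password_enabled` for that row.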
Decoupling Applications
Kinesis
Makes it easy to collect, process and analyse streaming data in real-time
Kinesis Data Streams
capture, process, store data streams
retention 1 - 365 days
provisioned vs on-demand mode
for ingestion at scale, write custom code
Kinesis Data Firehose
load data streams into data stores
buffers records (each record up to 1 MB) and writes them to the destination in batches
near real-time: a buffer flushes when it reaches its size limit or its interval (min. 60 s), so partial batches add up to 60 s of latency
loads streaming data into data stores; Firehose keeps no copy of the data, so it cannot be replayed (use Data Streams when consumers need retention)
Kinesis Data Analytics
analyse data streams with SQL/Flink
Databases
DynamoDB
Single-digit millisecond latency; commonly used as a session/cache store
Capacity modes: provisioned (with optional autoscaling) and on-demand
Multi-AZ by default; continuous backups with point-in-time recovery (PITR) for the last 35 days, plus on-demand backups
Import from / export to S3 without consuming RCU/WCU
Global Tables: multi-region, multi-active replication
AWS RDS
RDS Proxy
A large number of open connections can exhaust database compute resources (typical with Lambda)
Pools and shares connections established with the database; also speeds up failover
Aurora
Database Cloning
Recommended to use this to create staging copy of production
Faster than restoring from snapshot
Networking
S3
Cross-Region Replication
Asynchronous copy of objects to a bucket in another region (low-latency local access, compliance); versioning required on both buckets
Not free: pay for destination storage, replication requests and inter-region data transfer; objects that existed before replication was enabled need Batch Replication
S3 Transfer Acceleration
Speeds up long-distance data transfers of large objects
Routing data through CloudFront's globally distributed edge locations
Storage
Block
EBS
Fast Snapshot Restore (FSR): volumes created from an FSR-enabled snapshot are fully initialized at creation and deliver full performance immediately; without it, blocks are lazily pulled from S3 on first read (billed per snapshot per AZ)
EC2 Instance Store
Transfer
AWS Storage Gateway
Bridge on-premise and AWS
Runs as a VM on on-premises virtualisation or as a hardware appliance
S3 File Gateway
NFS & SMB protocol
Most recently used data cached locally
FSx File Gateway
Windows File Server (SMB, NTFS, AD integration)
Local cache for frequent data
Useful for group file shares and home directories
Volume Gateway
Block storage over the iSCSI protocol, backed by S3
Cached volumes
: low latency access to most recent data
Stored volumes
: entire dataset is on premise, scheduled backups to S3
Tape Gateway
Virtual tape library (VTL) over iSCSI, backed by S3 and archived to Glacier; replaces physical tapes for existing backup software
Snow Family
Security
GuardDuty
Intelligent threat detection: continuously analyses CloudTrail events, VPC Flow Logs and DNS logs for malicious activity and unauthorised behaviour (account/workload threat detection, not a host anti-virus)
Firewall Manager
Centrally configure and enforce WAF rules, Shield Advanced, security groups and Network Firewall policies across the accounts of an AWS Organization
Shield
Managed DDoS protection for AWS-hosted applications: Shield Standard is free and always on (L3/L4); Shield Advanced is paid, covers L7 with WAF, adds 24/7 response team support and cost protection
Monitoring
CloudWatch
Dashboards can be shared with up to 5 email addresses of people who do not have access to the AWS account (or publicly, or via SSO)
No memory, disk-space or swap metrics for EC2 by default; install the CloudWatch agent to publish them as custom metrics
Misc.
AppFlow
Transfer data between SaaS applications and AWS services
SES
AWS Backup
Route 53
Routing:
Simple: one record, optionally with multiple values returned in random order (the client picks one); no health checks
Weighted: traffic split in proportion to assigned weights (canary / blue-green); can have health checks
Latency: routes to the region with the lowest latency for the user; can have health checks
Failover: active-passive; the primary needs a health check, the secondary is used when the primary is unhealthy
Geolocation: by the user's location (continent / country / state), with a default record; can have health checks
Geoproximity: by geographic distance to the resources, with a bias value to shift traffic (requires Traffic Flow)
Multi-value: returns up to 8 healthy records; health checks remove unhealthy ones (client-side load balancing, not an ELB replacement)
Compute
EC2
Storage
Network-attached: EBS & EFS
Hardware: EC2 Instance Store (for max. performance)
Security Group
Firewall for EC2
Contains only "allow" rules (no deny); stateful, so return traffic is allowed automatically
Can be attached to multiple EC2s
Locked to a region/VPC combination
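Because security groups are allow-only and stateful, the only way to close a port is to remove the rule that opens it; the usual audit before moving from SSH to Session Manager is to find every rule that opens port 22 to 0.0.0.0/0 or ::/0. The following is an added example, not part of the original notes: it evaluates rules over a constructed sample shaped like boto3's `ec2.describe_security_groups()["SecurityGroups"]` output (group ids, names and CIDRs are made up) and shows both the allow-only evaluation and the world-open finding.

```python
import ipaddress

# Constructed sample shaped like boto3 ec2.describe_security_groups()["SecurityGroups"]
# (only the fields used here). Group ids, names and CIDRs are made up.
SAMPLE_SGS = [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0e5f6a7b", "GroupName": "app", "IpPermissions": [
        # Source is another security group, not a CIDR.
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0a1b2c3d"}]},
        # "-1" means all protocols and ports; FromPort/ToPort are absent in that case.
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0c9d8e7f", "GroupName": "legacy-admin", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
    ]},
]

WORLD = ("0.0.0.0/0", "::/0")


def rule_covers(perm, proto, port):
    """True if an IpPermission entry applies to this protocol/port."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != proto:
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def is_allowed(sg, proto, port, src_ip=None, src_sg=None):
    """Allow-only semantics: traffic passes if ANY inbound rule matches the port and
    the source (CIDR or referenced security group). There is no deny rule to subtract.
    Statefulness (return traffic) is not modelled here."""
    src = ipaddress.ip_address(src_ip) if src_ip else None
    for perm in sg["IpPermissions"]:
        if not rule_covers(perm, proto, port):
            continue
        if src is not None:
            # ipaddress returns False for a v4 address tested against a v6 network and vice versa.
            for r in perm["IpRanges"]:
                if src in ipaddress.ip_network(r["CidrIp"]):
                    return True
            for r in perm["Ipv6Ranges"]:
                if src in ipaddress.ip_network(r["CidrIpv6"]):
                    return True
        if src_sg and any(p["GroupId"] == src_sg for p in perm["UserIdGroupPairs"]):
            return True
    return False


def find_world_open(sgs, proto, port):
    """List (GroupId, cidr) for every rule that opens proto/port to the whole internet."""
    hits = []
    for sg in sgs:
        for perm in sg["IpPermissions"]:
            if not rule_covers(perm, proto, port):
                continue
            cidrs = [r["CidrIp"] for r in perm["IpRanges"]] + [r["CidrIpv6"] for r in perm["Ipv6Ranges"]]
            hits.extend((sg["GroupId"], c) for c in cidrs if c in WORLD)
    return hits


if __name__ == "__main__":
    for gid, cidr in find_world_open(SAMPLE_SGS, "tcp", 22):
        print(f"{gid}: port 22 open to {cidr}; remove the rule and use Session Manager")
```

Note that the `legacy-admin` group is caught even though it never mentions port 22: an `IpProtocol` of `-1` covers every port, which is why an audit must evaluate rule coverage rather than grep for `22`. The `app` group shows the preferred pattern of referencing the upstream security group as the source instead of a CIDR.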
Type:
e.g. m5.2xlarge: family m, generation 5, size 2xlarge
t/m: general purpose
c: compute optimised
r: memory optimised
I, D, H: storage optimised
Purchasing Options
Reserved Instances: 1 or 3 years, up to 72% discount. Standard RI fixes the instance attributes; Convertible RI can change them.
Savings Plans: 1 or 3 years, commit to a $/hour spend. EC2 Instance plan: locked to a region and instance family. Compute plan: any region/family, also covers Fargate and Lambda.
Dedicated Hosts: book an entire physical server; visibility of sockets/cores for BYOL (server-bound licences).
Dedicated Instances: hardware not shared with other accounts, but no control over placement.
Capacity Reservation: reserve capacity in a specific AZ for any duration (short-term, uninterrupted workloads that must run in that AZ); no discount by itself, combine with RIs/Savings Plans.