挨踢茶馆

A technical blog focused on networking technology and cloud computing

AWS Certified Solutions Architect - Associate Exam Notes

August 11, 2017

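  挨踢小茶 passed the AWS Solutions Architect (Associate) exam with a low score at the end of last year, and is now writing down some of the study notes made at the time.
Overall, the official FAQs are a must-read, and since this is the first, entry-level exam, you should have at least a basic understanding of every AWS component.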



Materials reviewed

  • Cloud Academy - Videos & Labs
  • ACloudGuru - Video
  • AWS White Paper
    • AWS Well-Architected Framework
    • Architecting for the Cloud: Best Practices
    • Building Fault-Tolerant Applications on AWS Whitepaper
    • Using AWS for Disaster Recovery Whitepaper
    • Operational Checklists for AWS
    • Web Hosting Best Practices Whitepaper
    • Leveraging Different Storage Options in the AWS Cloud Whitepaper
    • AWS Security Best Practices Whitepaper
    • Amazon Simple Email Service Best Practices Whitepaper
  • AWS FAQs
    • https://aws.amazon.com/s3/faqs/?nc1=f_ls
    • https://aws.amazon.com/vpc/faqs/
    • https://aws.amazon.com/ec2/faqs/
    • https://aws.amazon.com/sqs/faqs/
    • https://aws.amazon.com/rds/faqs/
    • https://aws.amazon.com/route53/faqs/
  • AWS Service Limits - http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html
  • AWS Global Infrastructure - https://aws.amazon.com/about-aws/global-infrastructure/
    • 16 regions around the world and 42 Availability Zones
  • AWS Blog
    • EC2 Spot Instance Termination Notices
  • AWS DynamoDB Practice!!
  • Spot fleet
  • AWS CodeDeploy - YouTube & Hands-on
  • AWS Elastic Beanstalk
  • Amazon Kinesis
  • AWS CodeCommit - YouTube
    • AWS CodeCommit is a fully-managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories. CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure. You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.
  • Controlling Which Instances Auto Scaling Terminates During Scale In
  • http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html
  • https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/
  • http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination
  • https://media.amazonwebservices.com/AWS_Cloud_Best_Practices.pdf
  • https://d0.awsstatic.com/whitepapers/DDoS_White_Paper_June2015.pdf
  • http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html
  • http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html
Recovery time objective (RTO)
The time it takes after a disruption to restore a business process to its service level, as defined by the operational level agreement (OLA). For example, if a disaster occurs at 12:00 PM (noon) and the RTO is eight hours, the DR process should restore the business process to the acceptable service level by 8:00 PM.

Recovery point objective (RPO)
The acceptable amount of data loss measured in time. For example, if a disaster occurs at 12:00 PM (noon) and the RPO is one hour, the system should recover all data that was in the system before 11:00 AM. Data loss will span only one hour, between 11:00 AM and 12:00 PM (noon).

Amazon S3

Gateway-cached volumes
You can store your primary data in Amazon S3 and retain your frequently accessed data locally. Gateway-cached volumes provide substantial cost savings on primary storage, minimize the need to scale your storage on-premises, and retain low-latency access to your frequently accessed data.
Gateway-stored volumes
In the event that you need low-latency access to your entire data set, you can configure your gateway to store your primary data locally, and asynchronously back up point-in-time snapshots of this data to Amazon S3. Gateway-stored volumes provide durable and inexpensive off-site backups that you can recover locally or from Amazon EC2 if, for example, you need replacement capacity for disaster recovery.
Gateway-virtual tape library (gateway-VTL)
With gateway-VTL, you can have an almost limitless collection of virtual tapes. You can store each virtual tape in a virtual tape library (VTL) backed by Amazon S3 or a virtual tape shelf (VTS) backed by Amazon Glacier. The virtual tape library exposes an industry standard iSCSI interface that provides your backup application with on-line access to the virtual tapes. When you no longer require immediate or frequent access to data contained on a virtual tape, you can use your backup application to move it from its VTL to your VTS to further reduce your storage costs.

EC2

Comparison of Security Groups and Network ACLs

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html
The following table summarizes the basic differences between security groups and network ACLs.

| Security Group | Network ACL |
|---|---|
| Operates at the instance level (first layer of defense) | Operates at the subnet level (second layer of defense) |
| Supports allow rules only | Supports allow rules and deny rules |
| Is stateful: Return traffic is automatically allowed, regardless of any rules | Is stateless: Return traffic must be explicitly allowed by rules |
| We evaluate all rules before deciding whether to allow traffic | We process rules in number order when deciding whether to allow traffic |
| Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on | Automatically applies to all instances in the subnets it's associated with (backup layer of defense, so you don't have to rely on someone specifying the security group) |
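
A small model of the evaluation differences listed above (stateful vs. stateless, all rules vs. number order), added here as an illustration; it is not code from AWS or from the original notes. The `Rule` class, the function names and the sample rule sets are constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                 # constructed model, not an AWS API object
    number: int             # evaluation order; only the network ACL uses it
    direction: str          # "in" or "out"
    ports: range            # destination ports the rule covers
    allow: bool = True      # security groups only ever hold allow rules

def sg_permits(rules, direction, port):
    """Security group: every rule is considered; any matching allow permits."""
    return any(r.allow and r.direction == direction and port in r.ports
               for r in rules)

def nacl_permits(rules, direction, port):
    """Network ACL: lowest-numbered matching rule decides; no match = deny."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.direction == direction and port in r.ports:
            return r.allow
    return False

def request_and_reply(kind, rules, server_port, client_port):
    """Return (request_allowed, reply_allowed) for one inbound connection."""
    if kind == "sg":
        # Stateful: the reply is allowed because the request was allowed.
        ok = sg_permits(rules, "in", server_port)
        return ok, ok
    # Stateless: the reply to the client's ephemeral port is checked
    # against the outbound rules independently of the request.
    return (nacl_permits(rules, "in", server_port),
            nacl_permits(rules, "out", client_port))

HTTPS, EPHEMERAL = range(443, 444), range(1024, 65536)

# Constructed sample rule sets
SG = [Rule(0, "in", HTTPS)]
NACL_NO_RETURN = [Rule(100, "in", HTTPS)]
NACL_WITH_RETURN = NACL_NO_RETURN + [Rule(100, "out", EPHEMERAL)]
NACL_DENY_FIRST = [Rule(90, "in", HTTPS, allow=False)] + NACL_WITH_RETURN

if __name__ == "__main__":
    for name, kind, rules in [("sg", "sg", SG),
                              ("nacl, no outbound rule", "nacl", NACL_NO_RETURN),
                              ("nacl, outbound ephemeral", "nacl", NACL_WITH_RETURN),
                              ("nacl, deny 90 before allow 100", "nacl", NACL_DENY_FIRST)]:
        print(name, request_and_reply(kind, rules, 443, 50000))
```

The second rule set is the common misconfiguration: the inbound allow matches, but without an outbound rule for the ephemeral port range the reply is dropped at the subnet boundary.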

What is the underlying hypervisor for EC2? - Xen

AWS Global Infrastructure

The AWS Cloud operates 42 Availability Zones within 16 geographic Regions around the world, with five more Availability Zones and two more Regions coming online throughout the next year.

AWS Regions and Availability Zones

The AWS Cloud infrastructure is built around Regions and Availability Zones (“AZs”). A Region is a physical location in the world where we have multiple Availability Zones. Availability Zones consist of one or more discrete data centers, each with redundant power, networking and connectivity, housed in separate facilities. These Availability Zones offer you the ability to operate production applications and databases which are more highly available, fault tolerant and scalable than would be possible from a single data center. The AWS Cloud operates 38 Availability Zones within 14 geographic Regions around the world.

  • Online Analytics Processing (OLAP) - Redshift
  • The valid ways of encrypting data on S3 are Server Side Encryption (SSE)-S3, SSE-C, SSE-KMS or a client library such as Amazon S3 Encryption Client.
  • DynamoDB: The combined Value and Name must not exceed 400 KB
  • CloudWatch: Using the default settings, metrics are sent to CloudWatch every 5 minutes. Using the detailed settings, metrics are sent every 1 minute.

RDS

  • Amazon RDS supports Amazon Aurora, MySQL, MariaDB, Oracle, SQL Server, and PostgreSQL database engines.
  • What AWS DB platform is most suitable for OLTP? - RDS
  • In RDS, what is the maximum value I can set for my backup retention period? - 35 Days

Comparison of NAT Instances and NAT Gateways

The following is a high-level summary of the differences between NAT instances and NAT gateways.

| Attribute | NAT gateway | NAT instance |
|---|---|---|
| Availability | Highly available. NAT gateways in each Availability Zone are implemented with redundancy. Create a NAT gateway in each Availability Zone to ensure zone-independent architecture. | Use a script to manage failover between instances. |
| Bandwidth | Supports bursts of up to 10Gbps. | Depends on the bandwidth of the instance type. |
| Maintenance | Managed by AWS. You do not need to perform any maintenance. | Managed by you, for example, by installing software updates or operating system patches on the instance. |
| Performance | Software is optimized for handling NAT traffic. | A generic Amazon Linux AMI that's configured to perform NAT. |
| Cost | Charged depending on the number of NAT gateways you use, duration of usage, and amount of data that you send through the NAT gateways. | Charged depending on the number of NAT instances that you use, duration of usage, and instance type and size. |
| Type and size | Uniform offering; you don’t need to decide on the type or size. | Choose a suitable instance type and size, according to your predicted workload. |
| Public IP addresses | Choose the Elastic IP address to associate with a NAT gateway at creation. | Use an Elastic IP address or a public IP address with a NAT instance. You can change the public IP address at any time by associating a new Elastic IP address with the instance. |
| Private IP addresses | Automatically selected from the subnet's IP address range when you create the gateway. | Assign a specific private IP address from the subnet's IP address range when you launch the instance. |
| Security groups | Cannot be associated with a NAT gateway. You can associate security groups with your resources behind the NAT gateway to control inbound and outbound traffic. | Associate with your NAT instance and the resources behind your NAT instance to control inbound and outbound traffic. |
| Network ACLs | Use a network ACL to control the traffic to and from the subnet in which your NAT gateway resides. | Use a network ACL to control the traffic to and from the subnet in which your NAT instance resides. |
| Flow logs | Use flow logs to capture the traffic. | Use flow logs to capture the traffic. |
| Port forwarding | Not supported. | Manually customize the configuration to support port forwarding. |
| Bastion servers | Not supported. | Use as a bastion server. |
| Traffic metrics | Not supported. | View CloudWatch metrics. |
| Timeout behavior | When a connection times out, a NAT gateway returns an RST packet to any resources behind the NAT gateway that attempt to continue the connection (it does not send a FIN packet). | When a connection times out, a NAT instance sends a FIN packet to resources behind the NAT instance to close the connection. |
| IP fragmentation | Supports forwarding of IP fragmented packets for the UDP protocol. Does not support fragmentation for the TCP and ICMP protocols. Fragmented packets for these protocols will get dropped. | Supports reassembly of IP fragmented packets for the UDP, TCP, and ICMP protocols. |

Tags: Amazon Web Service Solutions Architect Associate
Last updated: August 29, 2017

挨踢小茶

Network engineer / cloud computing architect / cloud evangelist / photography enthusiast
