Cheatsheets 1682060048504

The document discusses availability zones and VPC best practices in AWS. It provides details on using multiple availability zones for high availability and disaster recovery when launching resources like EC2 instances, ELBs, Auto Scaling groups, and databases. It also discusses designing VPCs, subnets, security groups, NAT gateways, and other networking services.

Uploaded by Luis Medinelli

Cheat Sheets / Test Questions

Compute
Availability Zones in Operation
§ EC2 instances can launch across multiple subnets hosted in multiple availability zones
§ ELB can target instances across multiple availability zones
§ Auto Scaling can scale instances across multiple availability zones
§ Route 53 can distribute traffic across EC2 instances and ELBs in different AZs and regions
§ DynamoDB is replicated across multiple availability zones and optionally regions
§ RDS solutions are replicated across multiple availability zones; Aurora can also be deployed multi-region
VPC Best Practice
§ Choose two availability zones, providing high availability and disaster recovery
§ Use different subnet types:
  § Public subnets for external-facing resources: NAT, load balancers, custom designs
  § Private subnets for internal resources
§ Use Network ACLs to control private and public subnet traffic
§ Use custom route tables for controlled traffic flow
§ Use the highly available NAT gateway service
VPC Functional Design
§ VPCs span all availability zones in an AWS region
§ Subnets are hosted within a selected availability zone
§ EC2 instances, subnets, and EBS volumes reside within a data center (AZ)
§ Route table entries direct subnet traffic flow
§ NACLs allow or deny subnet traffic flow
Multi-VPC Based on Requirements
§ Application isolation – public and private application stacks
§ Production from non-production – multiple VPCs
§ Compliance audit containment – multiple VPCs, flow logs
§ Multi-tenant isolation – VPC tenancy
§ Business unit design – VPC sharing
§ Shared corporate services – monitoring, authentication
VPC Cheat Sheet
§ An Internet gateway (IGW) provides access to the Internet
§ A virtual private gateway (VGW) provides access to on-premises data centers
§ A VPC can have one IGW and one VGW
§ NAT services provide outbound Internet access for instances hosted in private subnets
§ Elastic IP addresses are static, persistent public IP addresses
§ Security groups secure EC2 instances hosted on subnets
§ NACLs secure traffic at the subnet layer
Subnet Cheat Sheet
§ Subnets map to the availability zone where they are created
§ Subnets do not span across availability zones
§ CIDR ranges in a VPC can’t overlap (if you want to peer later)
§ Subnets must be associated with a route table
§ The route table defines traffic flow
§ Public subnet – an Internet Gateway (IGW) is attached
§ Private subnet – a Virtual Private Gateway (VGW) is attached
§ Protected subnet – no connectivity from the outside world
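The overlap rule above is easy to check mechanically before a peering request is ever filed. This is an added example, not part of the cheat sheet: it runs over a constructed VPC and subnet layout (all names and CIDRs are made up) and reports VPC pairs that can never be peered, subnets outside their VPC's block, and subnets that collide with each other.

```python
from ipaddress import ip_network
from itertools import combinations

# Constructed sample layout (not from any real account): one CIDR per VPC,
# then the subnets carved out of each VPC.
VPCS = {
    "vpc-prod": "10.0.0.0/16",
    "vpc-dev": "10.1.0.0/16",
    "vpc-legacy": "10.0.128.0/17",  # overlaps vpc-prod, so the two can never be peered
}
SUBNETS = {
    "vpc-prod": {"public-a": "10.0.0.0/24", "private-a": "10.0.1.0/24",
                 "private-b": "10.0.1.128/25"},  # collides with private-a
    "vpc-dev": {"public-a": "10.1.0.0/24", "stray": "10.2.0.0/24"},  # outside vpc-dev
}

def overlapping_vpcs(vpcs):
    """Return sorted (a, b) name pairs whose VPC CIDRs overlap.
    Peering needs unambiguous routes, so such pairs cannot be peered."""
    nets = {name: ip_network(cidr) for name, cidr in vpcs.items()}
    return sorted((a, b) for (a, na), (b, nb) in combinations(nets.items(), 2)
                  if na.overlaps(nb))

def subnet_problems(vpcs, subnets):
    """Return (vpc, subnet, reason) tuples for subnets that do not fit inside
    their VPC CIDR or that overlap a sibling subnet in the same VPC."""
    problems = []
    for vpc, subs in subnets.items():
        vpc_net = ip_network(vpcs[vpc])
        nets = {name: ip_network(cidr) for name, cidr in subs.items()}
        for name, net in nets.items():
            if not net.subnet_of(vpc_net):
                problems.append((vpc, name, "outside VPC CIDR"))
        for (a, na), (b, nb) in combinations(nets.items(), 2):
            if na.overlaps(nb):
                problems.append((vpc, f"{a}+{b}", "subnets overlap"))
    return problems

if __name__ == "__main__":
    for pair in overlapping_vpcs(VPCS):
        print("cannot peer:", pair)
    for vpc, name, reason in subnet_problems(VPCS, SUBNETS):
        print(f"{vpc} {name}: {reason}")
```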
NACL Cheat Sheet
§ NACLs act as a firewall for associated subnets
§ NACLs control both inbound and outbound traffic
§ NACLs are stateless: changes applied to an inbound rule are not applied to the outbound rule
§ A default NACL allows all inbound and outbound traffic
§ A custom NACL has both inbound and outbound rules denied
Security Groups Best Practice
§ Avoid allowing incoming traffic from 0.0.0.0/0
§ Control ELB ingress rules using an ELB security group
§ Restrict outbound rules – all outbound ports are open by default
§ Manage security groups (Trusted Advisor)
§ Control security group modifications (IAM)
§ Review event tracking (CloudTrail)
§ Manage compliance (AWS Config)
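The first three points above can be checked against what the API reports. The following is an added example, not code from the cheat sheet: it audits security groups for world-open ingress (0.0.0.0/0 or ::/0) and for the default unrestricted egress rule, using constructed sample data laid out in the shape boto3's describe_security_groups() returns (group IDs and names are made up) so that it runs offline.

```python
# Constructed sample in the shape boto3's describe_security_groups() returns,
# so the audit runs offline; in practice you would feed it the live response.
WORLD = {"0.0.0.0/0", "::/0"}

SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "web-open",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []}],
     "IpPermissionsEgress": [
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
          "Ipv6Ranges": [], "UserIdGroupPairs": []}]},   # the default "all outbound" rule
    {"GroupId": "sg-0bbb", "GroupName": "app-tier",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [],
          "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0elb"}]}],  # only from the ELB's group
     "IpPermissionsEgress": [
         {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
          "IpRanges": [{"CidrIp": "10.0.2.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
]

def world_open(perm):
    """True if the rule's source/destination includes the whole IPv4 or IPv6 Internet."""
    cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    return bool(cidrs & WORLD)

def port_label(perm):
    if perm["IpProtocol"] == "-1":          # -1 means every protocol and port
        return "all traffic"
    return f'{perm["IpProtocol"]}/{perm["FromPort"]}-{perm["ToPort"]}'

def audit(groups):
    """Return (GroupId, finding) pairs for rules that break the checklist above:
    world-open ingress and the default unrestricted egress."""
    findings = []
    for g in groups:
        for perm in g["IpPermissions"]:
            if world_open(perm):
                findings.append((g["GroupId"], f"ingress from the world on {port_label(perm)}"))
        for perm in g["IpPermissionsEgress"]:
            if world_open(perm) and perm["IpProtocol"] == "-1":
                findings.append((g["GroupId"], "egress unrestricted: all traffic to the world"))
    return findings

if __name__ == "__main__":
    for group_id, finding in audit(SAMPLE_GROUPS):
        print(group_id, finding)
```

The app-tier group produces no findings because its ingress source is the ELB's security group rather than a CIDR, which is the pattern the checklist recommends.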
Security Group Cheat Sheet
§ Security groups are assigned to instances
§ Multiple instances can be assigned the same security group
§ Security groups allow all outbound traffic by default
§ Security groups process only “allow rules”
§ Source or destination rules can point to another security group
§ Security groups are evaluated as a whole, not in order
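The NACL and security group sheets above describe two different evaluation models, and the difference bites in practice: a stateless NACL whose outbound rules simply mirror the inbound ones silently drops the replies of every TCP session. This added example (not from the cheat sheet) simulates both models for an HTTPS web tier with constructed rule sets; it goes slightly beyond the text by modelling NACL rules as numbered and evaluated lowest number first with an implicit final deny, which is how AWS processes them.

```python
EPHEMERAL = (1024, 65535)   # client-side reply ports a stateless NACL must allow explicitly

def nacl_decision(rules, port):
    """Stateless evaluation of one direction: rules are (number, (lo, hi), action),
    checked lowest number first; the first match wins and the implicit final rule denies."""
    for _number, (lo, hi), action in sorted(rules):
        if lo <= port <= hi:
            return action
    return "deny"

def nacl_session_ok(inbound, outbound, client_port, service_port=443):
    """A TCP session through a NACL needs the request allowed inbound AND the
    reply, addressed to the client's ephemeral port, allowed outbound."""
    return (nacl_decision(inbound, service_port) == "allow"
            and nacl_decision(outbound, client_port) == "allow")

def sg_session_ok(ingress_rules, service_port=443):
    """Security group: allow rules only, evaluated as a whole (order irrelevant);
    because the group is stateful, the reply is permitted automatically."""
    return any(lo <= service_port <= hi for lo, hi in ingress_rules)

# Constructed rule sets for an HTTPS web tier
NACL_IN = [(100, (443, 443), "allow")]
NACL_OUT_MIRRORED = [(100, (443, 443), "allow")]                 # copies inbound, forgets replies
NACL_OUT_FIXED = [(100, (443, 443), "allow"), (110, EPHEMERAL, "allow")]
NACL_IN_ORDERED = [(50, (22, 22), "deny"), (100, (0, 65535), "allow")]  # deny wins because 50 < 100
SG_INGRESS = [(443, 443)]

if __name__ == "__main__":
    client_port = 51515
    print("NACL mirrored outbound:", nacl_session_ok(NACL_IN, NACL_OUT_MIRRORED, client_port))  # False
    print("NACL with ephemeral:  ", nacl_session_ok(NACL_IN, NACL_OUT_FIXED, client_port))     # True
    print("Security group:       ", sg_session_ok(SG_INGRESS))                                 # True
    print("NACL ordered ssh:     ", nacl_decision(NACL_IN_ORDERED, 22))                        # deny
```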
ELB Cheat Sheet
§ Provides high availability by distributing traffic across multiple targets hosted in single or multiple availability zones
§ Integrates with CloudWatch
§ Cross-zone load balancing supported
§ Detects unhealthy targets and stops sending them traffic
§ Supports connection draining (deregistration)
§ SSL offloading (CLB / ALB)
§ Authentication (ALB)
ELB Best Practices
§ Enable cross-zone load balancing to distribute requests evenly across multiple availability zones
§ Terminate SSL on the ALB, saving CPU time and reducing the overhead of decrypting requests at the instance
§ Monitor your ELB using CloudWatch to manage the overall health and functionality of your application deployment
§ For multi-region failover, consider global load balancing using Route 53 and traffic routing policies
EC2 Cheat Sheet
§ Scalable computing capacity hosted in VPCs
§ Preconfigured templates for instances called AMIs (Amazon Machine Images)
§ Persistent storage uses EBS volumes
§ Ephemeral storage uses “temporary” volumes
§ Virtual firewalls called security groups secure your instances
§ Configuration after initial installation with user data scripts
§ Metadata retrieval using 169.254.169.254 from a running EC2 instance
§ Secure logon uses public / private key pairs
§ Instance types define CPU, RAM, and storage
Multi-tier Cheat Sheet
§ IAM (users, groups, roles) and Route 53 are global and available everywhere
§ Most other AWS services are limited to, or within, a region and do not copy data across regions unless configured (S3, DynamoDB Global Tables)
§ AMIs are limited to a region; however, they can be copied to another region
§ EBS volumes are limited to the Availability Zone where they were created
§ EBS volumes can be migrated by creating snapshots and copying them to another region
§ Reserved instances are limited to the Availability Zone they were created in; they can’t be migrated to another AZ or region
§ RDS instances are limited to the region where they were created; they can be recreated in a different region using snapshots or by promoting a Read Replica
§ S3 data is replicated within the region; it can be moved to another region using cross-region replication
CloudWatch Cheat Sheet
§ Collect and track metrics with CloudWatch
§ Alert when instances are under load
§ Collect and monitor log files with CloudWatch Logs
§ Alarm when errors occur in your system logs
§ Monitor EC2 instances, DynamoDB tables, and RDS instances
§ Provide automated alarms via CloudWatch, SNS, or Events with Lambda functions
Database Scalability
§ Relational databases scale well vertically:
  § Upgrade to a larger RDS instance
  § Add faster storage
  § IOPS
§ Horizontally scale using read replicas
§ Multi-AZ deployment – a synchronously replicated standby instance in a different AZ
§ Failure invokes automatic failover to the standby without the need for manual intervention
§ Sharding – data split across multiple database schemas, each running in its own autonomous primary database instance (A-E, F-J, etc.)
Database Options
DynamoDB
§ Document data model supports using JSON on documents stored in DynamoDB tables
§ DynamoDB is designed with automatic synchronous data replication across three facilities in a region
§ DynamoDB tables can be Local or Global (across regions)

Aurora
§ Relational database engine with 5 times the performance of MySQL
§ Fully managed – 6-way replication across 3 availability zones
§ MySQL and PostgreSQL compatible
§ Database engine integrated with SSD Virtual SAN
§ Minimum database storage is 10 GB; can scale to 64 TB in 10 GB chunks
Understanding Durability
Data replication provides redundant copies of data:
§ S3 – multiple copies within the region, versioning, cross-region replication
§ EBS – multiple copies within the facility, manual snapshots, manual copying between regions
Database Durability
§ Synchronous replication – the transaction is complete only after it has been durably stored in both the primary and secondary replicas
§ Synchronous replication has strong consistency
§ Asynchronous replication – changes performed on the primary node are not immediately performed on the replicas
RDS Cheat Sheet
§ On-demand provisioning
§ Automated backups
§ Automated recovery
§ User-initiated “manual snapshots”
§ Automated replication
§ Change instance size
§ Change storage size
§ Basic monitoring metrics provided through CloudWatch
Application Caching Cheat Sheet
§ Store previously calculated data for future use
§ Improve application performance
§ Store and retrieve information from fast in-memory caches
§ ElastiCache or read replicas in front of database servers
EBS Storage Cheat Sheet
§ EBS is network-attached block storage
§ EBS volumes cannot be shared with multiple EC2 instances
§ Multiple volumes can be attached to a single EC2 instance
§ Volumes can be detached and attached to another EC2 instance only in the same AZ
§ Snapshots cannot span across regions
§ Snapshots can be restored to a new volume in the region
§ Snapshots can be copied to a different region and restored as a volume in the new region
S3 Storage Cheat Sheet
§ Object-level storage providing high durability; objects are stored in three facilities within a region
§ Storage tiers include Standard, Standard IA, and Reduced Redundancy
§ Pre-signed URLs can be used for sharing without requiring AWS security credentials
§ Security provided by an OAI user, signed URLs for RTMP distribution, or signed cookies
§ Versioning allows preserving and retrieving every stored object
§ Integrated with CloudTrail, CloudWatch, SNS, and Lambda for event notifications
§ Lifecycle policies control the archiving of S3 data to Glacier vaults
§ Glacier data is automatically encrypted; secure it with vault lock policies
Stateless Apps
§ Stateless components have no knowledge of any activity
§ Compute resources are independent for processing components
§ Stateless defines a “loose coupling”, or “asynchronous integration”
Asynchronous Integration
§ Loose coupling between services
§ Useful for designs that do not need an immediate response
§ One component generates the event
§ Another component processes the event
§ No direct point-to-point interaction between application components
Stateless Cheat Sheet
§ No single point of failure
§ SQS – subscribe to a queue
§ SNS – subscribe to a notification topic
§ S3 – web server hosting
§ CloudFront – cached content from an origin:
  § S3 bucket
  § EC2 instance
  § On-premises server
AWS Scaling Cheat Sheet
§ Vertically – increase RAM, CPU, I/O, or networking speeds
§ Horizontally – increase the number of resources
§ Add more EBS hard drives to the storage array
§ Scale out: 10 GB chunks at a time with Aurora
§ Auto scale: add / remove instances in the load-balancing queue
§ Push: ELB, Auto Scaling, SNS, global load balancing with Route 53
§ Pull: message queue – Simple Queue Service
Automation Cheat Sheet
§ EC2 Auto Recovery – use a CloudWatch alarm to monitor and recover impaired EC2 instances
§ Auto Scaling – scale healthy EC2 instance capacity up and down across multiple availability zones based on your defined conditions
§ CloudWatch Alarms – fire when defined metrics exceed defined thresholds for a period of time
§ CloudWatch Events – near-real-time system event stream describing changes in AWS resources; rules route event types to Lambda functions, Kinesis streams, or SNS topics
§ Lambda Scheduled Events – custom Lambda functions executing on a schedule
High Availability Cheat Sheet
Fault tolerant
§ Snapshots increase availability
§ EBS – replicated within the availability zone
Fault tolerant and highly available
§ S3 – replicated multiple times within the region
§ SQS – highly available and scalable
§ SNS – highly available and scalable
§ Route 53 – global “Anycast” DNS service
§ RDS – synchronous replication between Master and Slave
