TracyDai23 / AWS


AWS Solutions Architect - Associate #1

Open TracyDai23 opened 4 years ago

TracyDai23 commented 4 years ago

Create billing alarm:

From the CloudWatch service, you can set a billing alarm to send you a notification automatically.

TracyDai23 commented 4 years ago

S3

  1. Remember that S3 is Object-based: i.e. allows you to upload files
  2. Files can be from 0 Bytes to 5 TB
  3. There is unlimited storage
  4. Files are stored in Buckets
  5. S3 is a universal namespace. That is, names must be unique globally
  6. AWS will generate a DNS (Domain name)
  7. Not suitable to install an operating system on.
  8. Successful uploads will generate a HTTP 200 status code
  9. You can turn on MFA Delete

S3 storage tiers:

  1. S3 standard
  2. S3-IA
  3. S3 One Zone - IA
  4. S3 - intelligent tiering
  5. S3 Glacier
  6. S3 Glacier Deep Archive
TracyDai23 commented 4 years ago

S3 Versioning

  1. Stores all versions of an object (including all writes and even if you delete an object).
  2. Great backup tool
  3. Once enabled, Versioning cannot be disabled, only suspended
  4. Integrates with Lifecycle rules
  5. Versioning's MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security.

S3 lifecycle

  1. Automates moving your objects between the different storage tiers.
  2. Can be used in conjunction with versioning.
  3. Can be applied to current versions and previous versions.

AWS Organizations:

  1. Always enable multi-factor on root account
  2. Always use a strong and complex password on root account
  3. Paying account should be used for billing purpose only. Do not deploy resources into the paying account
  4. Enable/Disable AWS services using Service Control Policies (SCP) either on OUs or on individual accounts.
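To make the versioning and MFA Delete points above concrete, here is a small in-memory model of a versioned bucket. It is an added teaching example and not S3's API or code from these notes; the version ids are constructed counters, and the `mfa_code` parameter is a stand-in for the real MFA device check. It shows that a plain delete only adds a delete marker (the object is recoverable by removing the marker), while permanently removing a version is what MFA Delete guards.

```python
"""Model of an S3 bucket with versioning (and optionally MFA Delete) enabled:
a plain DELETE only adds a delete marker, every version stays, and permanently
deleting a version requires MFA when MFA Delete is on. Added teaching model,
not the S3 API; version ids are constructed counters."""
import itertools

DELETE_MARKER = object()  # sentinel standing in for an S3 delete marker


class VersionedBucket:
    def __init__(self, mfa_delete=False):
        self.mfa_delete = mfa_delete
        self._versions = {}          # key -> [(version_id, body or DELETE_MARKER)], oldest first
        self._ids = itertools.count(1)

    def put(self, key, body):
        """Every write creates a new version; earlier versions are kept."""
        vid = f"v{next(self._ids)}"
        self._versions.setdefault(key, []).append((vid, body))
        return vid

    def get(self, key):
        """Current object, or None when the newest version is a delete marker."""
        versions = self._versions.get(key)
        if not versions:
            return None
        _, body = versions[-1]
        return None if body is DELETE_MARKER else body

    def delete(self, key):
        """Simple delete: inserts a delete marker and keeps all prior versions."""
        vid = f"v{next(self._ids)}"
        self._versions.setdefault(key, []).append((vid, DELETE_MARKER))
        return vid

    def delete_version(self, key, version_id, mfa_code=None):
        """Permanent delete of one version. Deleting the delete marker undoes a
        simple delete. Refused without an MFA code when MFA Delete is enabled
        (mfa_code is a hypothetical stand-in for the real device check)."""
        if self.mfa_delete and not mfa_code:
            raise PermissionError("MFA Delete is enabled; an MFA code is required")
        versions = self._versions.get(key, [])
        self._versions[key] = [v for v in versions if v[0] != version_id]
        return self.get(key)

    def list_versions(self, key):
        return [(vid, "delete-marker" if b is DELETE_MARKER else "object")
                for vid, b in self._versions.get(key, [])]


if __name__ == "__main__":
    b = VersionedBucket(mfa_delete=True)
    b.put("report.csv", "first draft")
    b.put("report.csv", "final")
    marker = b.delete("report.csv")
    print("after simple delete:", b.get("report.csv"))          # None, but data still there
    print("versions:", b.list_versions("report.csv"))
    print("restored:", b.delete_version("report.csv", marker, mfa_code="123456"))
```

Note that a lifecycle rule expiring non-current versions is the only thing in this model that would actually free the storage; the simple delete never does.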
TracyDai23 commented 4 years ago

S3 - Cross-Account Access:

  1. Using Bucket Policies & IAM (applies across the entire bucket). Programmatic Access Only.
  2. Using Bucket ACL(Access Control List) &IAM (individual objects). Programmatic Access Only.
  3. Cross-account IAM Roles. Programmatic AND Console access.

S3 - Cross Region Replication:

  1. Versioning must be enabled on both the source and destination buckets.
  2. Files in an existing bucket are not replicated automatically.
  3. All subsequent updated files will be replicated automatically
  4. Delete markers are not replicated
  5. Deleting individual versions or delete markers will not be replicated
  6. Understand what Cross Region Replication is at a high level
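Bucket policies, IAM policies and the SCPs mentioned earlier are all evaluated with the same basic order: an explicit Deny anywhere wins, otherwise the request needs at least one matching Allow, otherwise it is implicitly denied. The following is an added example that models that order for a cross-account bucket policy; it is not AWS's evaluator and not code from these notes. The account ids, bucket name and role name are constructed placeholders, and only the `Bool` condition operator is modelled.

```python
"""Minimal model of AWS policy evaluation: explicit Deny wins, then Allow,
else implicit deny. Added teaching example, not AWS's own logic; account ids,
bucket and role names below are constructed placeholders."""
from fnmatch import fnmatchcase

# Constructed cross-account bucket policy: a role in account 111111111111 may
# read the bucket, and all access over plain HTTP is explicitly denied.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111111111111:role/ReportsReader"},
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
        },
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-reports/*",
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _principal_matches(principal, caller_arn):
    if principal == "*":
        return True
    return any(fnmatchcase(caller_arn, p) for p in _as_list(principal.get("AWS", [])))


def _condition_matches(condition, context):
    # Only the Bool operator is modelled, enough for aws:SecureTransport.
    for op, kv in (condition or {}).items():
        if op != "Bool":
            raise NotImplementedError(f"condition operator {op} not modelled")
        for key, expected in kv.items():
            if str(context.get(key, "")).lower() != str(expected).lower():
                return False
    return True


def evaluate(policy, caller_arn, action, resource, context=None):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request."""
    context = context or {}
    allowed = False
    for stmt in policy["Statement"]:
        if not _principal_matches(stmt["Principal"], caller_arn):
            continue
        if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_matches(stmt.get("Condition"), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"          # explicit deny short-circuits everything
        allowed = True
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    reader = "arn:aws:iam::111111111111:role/ReportsReader"
    obj = "arn:aws:s3:::example-reports/q1.csv"
    print(evaluate(BUCKET_POLICY, reader, "s3:GetObject", obj, {"aws:SecureTransport": "true"}))
    print(evaluate(BUCKET_POLICY, reader, "s3:GetObject", obj, {"aws:SecureTransport": "false"}))
    print(evaluate(BUCKET_POLICY, reader, "s3:PutObject", obj, {"aws:SecureTransport": "true"}))
```

In a real cross-account request the caller's own IAM policy in account 111111111111 must also allow the action; the bucket policy alone is not sufficient, and an SCP on either account can still add an explicit Deny.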
TracyDai23 commented 4 years ago

S3 CloudFront

  1. Edge Location - This is the location where content will be cached. This is separate to an AWS Region/AZ
  2. Origin - This is the origin of all the files that the CDN will distribute. This can be either an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route53.
  3. Distribution - This is the name given the CDN which consists of a collection of Edge Locations.
  4. Web Distribution - Typically used for Websites
  5. RTMP - Used for Media Streaming.
  6. Edge locations are not just READ only - you can write to them too. (ie. put an object on to them)
  7. Objects are cached for the life of the TTL (Time to Live).
  8. You can clear cached objects, but you will be charged.
TracyDai23 commented 4 years ago

EC2

Amazon Elastic Compute Cloud (EC2) is a web service that provides resizable compute capacity in the cloud. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change. Pricing methods:

  1. On demand
  2. Reserved
  3. Spot
  4. Dedicated Hosts

If the spot instance is terminated by Amazon EC2, you will not be charged for a partial hour of usage. However, if you terminate the instance yourself, you will be charged for any hour in which the instance ran.

TracyDai23 commented 4 years ago

EC2 instance

//difference between SSL(Https) and SSH

  1. Termination Protection is turned off by default, you must turn it on.
  2. On an EBS-backed instance, the default action is for the root EBS volume to be deleted when the instance is terminated.
  3. EBS Root Volumes of your DEFAULT AMI's CAN be encrypted. You can also use a third party tool (such as BitLocker etc.) to encrypt the root volume, or this can be done when creating AMI's (lab to follow) in the AWS console or using the API.
  4. Additional volumes can be encrypted.

Security Group:

  1. All inbound traffic is blocked by default
  2. All Outbound traffic is allowed
  3. Changes to Security Groups take effect immediately
  4. You can have any number of EC2 instances within a security group
  5. You can have multiple security groups attached to EC2 instances
  6. Security Groups are STATEFUL— if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules
  7. If you create an inbound rule allowing traffic in, that traffic is automatically allowed back out again
  8. You can not block specific IP addresses using Security Groups, instead use Network Access Control Lists
  9. You can specify allow rules, but not deny rules. Deny rules will be available from VPC
TracyDai23 commented 4 years ago

EBS

Amazon Elastic Block Store(EBS) provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.

//Block Storage vs. Object Storage: With block storage, files are split into evenly sized blocks of data, each with its own address but with no additional information (metadata) to provide more context for what that block of data is. ... Object storage, by contrast, doesn't split files up into raw blocks of data.

Volume and Snapshots

  1. Volumes exist on EBS. Think of EBS as a virtual hard disk
  2. Snapshots exist on S3. Think of snapshots as a photograph of the disk.
  3. Snapshots are point in time copies of Volumes.
  4. Snapshots are incremental - this means that only the blocks that have changed since your last snapshot are moved to S3.
  5. If this is your first snapshot, it may take some time to create.
  6. To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot.
  7. However you can take a snap while the instance is running.
  8. You can create AMI's from Snapshots.
  9. You can change EBS volume sizes on the fly, including changing the size and storage type.
  10. Volumes will ALWAYS be in the same availability zone as the EC2 instance.
  11. To move an EC2 volume from one AZ to another, take a snapshot of it, create an AMI from the snapshot and then use the AMI to launch the EC2 instance in a new AZ(available zone).
  12. To move an EC2 volume from one region to another, take a snapshot of it, create an AMI from the snapshot and then copy the AMI from one region to the other. Then use the copied AMI to launch the new EC2 instance in the new region.

EBS vs Instance Store

  1. Instance Store Volumes are sometimes called Ephemeral Storage.
  2. Instance store volumes cannot be stopped. If the underlying host fails, you will lose your data.
  3. EBS backed instances can be stopped. You will not lose the data on this instance if it is stopped.
  4. You can reboot both, you will not lose your data.
  5. By default, both ROOT volumes will be deleted on termination. However, with EBS volumes, you can tell AWS to keep the root device volume.
TracyDai23 commented 4 years ago

ENI vs ENA vs EFA

In the exam you will be given different scenarios and you will be asked to choose whether you should use an ENI, EN or EFA.

  1. ENI (Elastic Network Interface - essentially a virtual network card) For basic networking. Perhaps you need a separate management network to your production network or a separate logging network and you need to do this at low cost. In this scenario you need multiple ENIs for each network.
  2. EN (Enhanced Networking) For when you need speeds between 10 Gbps and 100Gbps. Anywhere you need reliable, high throughput.
  3. Elastic Fabric Adaptor For when you need to accelerate High Performance Computing (HPC) and machine learning applications or if you need to do an OS by-pass. If you see a scenario question mentioning HPC or ML and asking what network adaptor you want, choose EFA.

Encrypted Root Device Volumes:

  1. Snapshots of encrypted volumes are encrypted automatically.
  2. Volumes restored from encrypted snapshots are encrypted automatically.
  3. You can share snapshots, but only if they are unencrypted.
  4. These snapshots can be shared with other AWS accounts or made public.
  5. You can now encrypt root device volumes upon creation of the EC2 instance.
  6. Create a Snapshot of the unencrypted root device volume.
  7. Create a copy of the Snapshot and select the encrypted option.
  8. Create an AMI from the encrypted Snapshot.
  9. Use the AMI to launch new encrypted instances.
TracyDai23 commented 4 years ago

CloudWatch

  1. CloudWatch is used for monitoring performance.
  2. CloudWatch can monitor most of AWS as well as your applications that run on AWS.
  3. CloudWatch with EC2 will monitor events every 5 minutes by default.
  4. You can have 1 minute intervals by turning on detailed monitoring.
  5. You can create CloudWatch alarms which trigger notifications.
  6. CloudWatch is all about performance. CloudTrail is all about auditing.

CloudWatch lab:

What can I do with CloudWatch?

  1. Dashboards - Creates awesome dashboards to see what is happening with your AWS environment.
  2. Alarms - Allows you to set Alarms that notify you when particular thresholds are hit.
  3. Events - CloudWatch Events helps you to respond to state changes in your AWS resources.
  4. Logs - CloudWatch Logs helps you to aggregate, monitor and store logs.
TracyDai23 commented 4 years ago

EC2 Instance Meta Data

  1. Used to get information about an instance (such as public ip)
  2. curl http://169.254.169.254/latest/meta-data/
  3. curl http://169.254.169.254/latest/user-data/
TracyDai23 commented 4 years ago

EFS (Elastic File System)

  1. Supports the Network File System version 4 (NFSv4) protocol
  2. You only pay for the storage you use (no pre-provisioning required.)
  3. Can scale up to the petabytes
  4. Can support thousands of concurrent NFS connections
  5. Data is stored across multiple AZ's within a region
  6. Read After Write Consistency
  7. The benefit of using EFS is that when you have two EC2 instances, they can use the same EFS storage, so there is no need to sync files between different EC2 instances.
TracyDai23 commented 4 years ago

Database

RDS Backups, Multi-AZ & Read Replicas - LAB

There are two different types of Backups for RDS:

  1. Automated Backups
  2. Database snapshots

Read Replicas:

  1. Can be Multi-AZ
  2. Used to increase performance
  3. Must have backups turned on.
  4. Can be in different regions.
  5. Can be MySQL, PostgreSQL, MariaDB, Oracle, Aurora
  6. Can be promoted to master, this will break the Read Replica

MultiAZ: Used for Disaster Recovery; You can force a failover from one AZ to another by rebooting the RDS instance.

Encryption at rest is supported for MySQL, Oracle, SQL Server, PostgreSQL, MariaDB & Aurora. Encryption is done using the AWS Key Management Service (KMS) service. Once your RDS instance is encrypted, the data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots.

TracyDai23 commented 4 years ago

Aurora

  1. 2 copies of your data are contained in each availability zone, with minimum of 3 availability zones. 6 copies of your data.
  2. You can share Aurora Snapshots with other AWS accounts.
  3. 3 types of replicas available. Aurora Replicas, MySQL replicas & PostgreSQL replicas. Automated failover is only available with Aurora Replicas. //failover: a method of protecting computer systems from failure, in which standby equipment automatically takes over when the main system fails.
  4. Aurora has automated backups turned on by default. You can also take snapshots with Aurora. You can share these snapshots with other AWS accounts.
  5. Use Aurora Serverless if you want a simple, cost-effective option for infrequent, intermittent, or unpredictable workloads.
TracyDai23 commented 4 years ago

Elasticache

Elasticache is a web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches, instead of relying entirely on slower disk-based databases.

  1. Use Elasticache to increase database and web application performance.
  2. Redis is Multi-AZ
  3. You can do back ups and restores of Redis
TracyDai23 commented 4 years ago

Route53

  1. ELBs do not have pre-defined IPv4 addresses; you resolve to them using a DNS name.
  2. Understand the difference between an Alias Record and a CNAME.
  3. Given the choice, always choose an Alias Record over a CNAME.

Common DNS Types:

  1. SOA Records
  2. NS Records
  3. A Records
  4. CNAMES
  5. MX Records
  6. PTR Records

Route53:

  1. You can buy domain names directly with AWS.
  2. It can take up to 3 days to register depending on the circumstances.
TracyDai23 commented 4 years ago

Differences and relations between A records, CNAME, MX records and NS records in DNS resolution

Routing Policy

  1. Simple Routing Policy: If you choose the simple routing policy you can only have one record with multiple IP addresses. If you specify multiple values in a record, Route 53 returns all values to the user in a random order.
  2. Weighted Routing Policy. Add weight to each IP address so that Route53 can route your traffic by the weights you set to your IPs.
     2.1 Health Checks:
         2.1.1 You can set health checks on individual record sets.
         2.1.2 If a record set fails a health check it will be removed from Route53 until it passes the health check.
         2.1.3 You can set SNS notifications to alert you if a health check is failed.
  3. Latency-Based Routing: allow you to route your traffic based on the lowest network latency for your end user (ie which region will give them the fastest response time).
  4. Failover Routing: when primary (active) server down, Route53 will automatically route to secondary (passive) server.
  5. Geolocation Routing
  6. Geoproximity Routing (Route53 Traffic Flow Only) //very complicated and detailed. Do not require to know details in Associate exam.
  7. Multivalue Answer Policy: This is similar to simple routing however it allows you to put health checks on each record set.
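The weighted and failover policies above are easy to model. The block below is an added example (not Route 53 code and not from these notes) that simulates weighted answers with health checks: a record whose health check fails is withdrawn from the answer set, and among healthy records the chance of being returned is its weight divided by the sum of the healthy weights. The addresses and weights are constructed; the fallback when every record is unhealthy follows the documented Route 53 behaviour of treating all records as healthy.

```python
"""Model of Route 53 weighted routing with health checks plus failover
routing. Added example, not Route 53's implementation; IPs and weights are
constructed."""
import random

# Constructed weighted record set for www.example.com:
# (value, weight, health_check_passing)
RECORDS = [
    ("203.0.113.10", 70, True),
    ("203.0.113.20", 20, True),
    ("203.0.113.30", 10, False),   # failing health check: must never be returned
]


def healthy_records(records):
    """Route 53 withdraws a record from the answer while its health check fails."""
    return [(v, w) for v, w, ok in records if ok]


def choose_weighted(records, rng=random):
    """Pick one record, weight-proportional among the healthy ones.
    If none is healthy, Route 53 answers as if all were healthy."""
    candidates = healthy_records(records) or [(v, w) for v, w, _ in records]
    values, weights = zip(*candidates)
    return rng.choices(values, weights=weights, k=1)[0]


def observed_share(records, n=10000, seed=1):
    """Resolve n times with a seeded generator and report the share per value."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(n):
        v = choose_weighted(records, rng)
        counts[v] = counts.get(v, 0) + 1
    return {v: c / n for v, c in counts.items()}


def failover(primary_ok, primary, secondary):
    """Failover routing: answer with the primary while its health check passes,
    otherwise with the secondary."""
    return primary if primary_ok else secondary


if __name__ == "__main__":
    for value, share in sorted(observed_share(RECORDS).items()):
        print(f"{value}: {share:.3f}")
    print("failover:", failover(False, "203.0.113.10", "198.51.100.10"))
```

With the constructed weights the healthy records should answer roughly 78% and 22% of the time (70/90 and 20/90), and the unhealthy 203.0.113.30 never appears.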
TracyDai23 commented 4 years ago

VPC (Virtual Private Cloud)

  1. Think of a VPC as a logical data center in AWS.
  2. Consists of IGWs (Or Virtual Private Gateways), Route Tables, Network Access Control Lists, Subnets, and Security Groups.
  3. 1 subnet = 1 availability zone
  4. Security Groups are stateful; Network Access Control Lists are stateless
  5. NO TRANSITIVE PEERING
TracyDai23 commented 4 years ago

// Supplementary reading on computer networking: Computer Networking: A Top-Down Approach

Build a Custom VPC:

  1. When you create a VPC a default Route Table, Network Access Control List(NACL) and a default Security Group will be automatically created.
  2. It won't create any subnets, nor will it create a default internet gateway.
  3. US-east-1a in your AWS can be a completely different availability zone to US-east-1a in another AWS account. The AZ's are randomized.
  4. Amazon always reserves 5 IP addresses within your subnets.
  5. You can only have 1 Internet Gateway per VPC.
  6. Security Groups can't span VPCs.
TracyDai23 commented 4 years ago

NAT(Network Address Translation)

AWS guide page linux commands to connect from public EC2 instance to private EC2 instance:

sudo su //change to root admin access
ssh ec2-user@ -i MyPvKey.pem //For this method, the private key has been saved in the MyPvKey.pem file. It's not the best practice.
yum update -y //update instance system
yum install mysql -y //install mysql
cat .htaccess // check file content. Full cat command resource is here

Nat Instances:

  1. When creating a NAT instance, Disable source/Destination Check on the instance.
  2. NAT instances must be in a public subnet.
  3. There must be a route out of the private subnet to the NAT instance, in order for this to work.
  4. The amount of traffic that NAT instances can support depends on the instance size. If you are bottlenecking, increase the instance size.
  5. You can create high availability using Autoscaling Groups, multiple subnets in different AZs, and a script to automate failover.
  6. Behind a Security Group.

NAT Gateways

  1. Redundant inside the Availability Zone// have to stay in one AZ
  2. Preferred by the enterprise
  3. Starts at 5Gbps and scales currently to 45Gbps// autoscaling
  4. No need to patch
  5. Not associated with security groups
  6. Automatically assigned a public ip address
  7. Remember to update your route tables.
  8. No need to disable Source/Destination Checks.
  9. If you have resources in multiple AZ and they share one NAT gateway, in the event that the NAT gateway's AZ is down, resources in the other AZ lose internet access. To create an AZ-independent architecture, create a NAT gateway in each AZ and configure your routing to ensure that resources use the NAT gateway in the same AZ.
TracyDai23 commented 4 years ago

ACL (Access Control List)

Ephemeral port //Google "What's my IP" to get my ip address

  1. Your VPC automatically comes with a default network ACL, and by default it allows all outbound and inbound traffic.
  2. You can create custom network ACLs. By default, each custom network ACL denies all inbound and outbound traffic until you add rules.
  3. Each subnet in your VPC must be associated with network ACL. If you don't explicitly associate a subnet with a network ACL, the subnet is automatically associated with the default network ACL.
  4. Block IP Address using network ACLs not Security Groups.
  5. You can associate a network ACL with multiple subnets; However, a subnet can be associated with only one network ACL at a time. When you associate a network ACL with a subnet, the previous association is removed.
  6. Network ACLs contain a numbered list of rules that is evaluated in order, starting with the lowest numbered rule.
  7. Network ACLs have separate inbound and outbound rules, and each rule can either allow or deny traffic.
  8. Network ACLs are stateless; responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa.)
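The stateful/stateless distinction between security groups (earlier in these notes) and network ACLs is the point most often tested, and the ephemeral-port note above is where it bites. The block below is an added example, not AWS code or code from these notes, that models both filters for one HTTPS session: the security group holds allow-only rules and lets the reply out because the connection is tracked, while the NACL evaluates numbered allow/deny rules in order, in each direction separately, so the reply to the client's ephemeral port needs its own outbound rule. The rule numbers and addresses are constructed; the NACL also carries a deny rule for a CIDR block, which is the thing a security group cannot express.

```python
"""Stateful security-group check versus stateless, ordered network-ACL check.
Added teaching model, not AWS code; rule numbers and addresses are constructed."""
from ipaddress import ip_address, ip_network


def _cidr_match(cidr, ip):
    return ip_address(ip) in ip_network(cidr)


def _port_match(port_range, port):
    lo, hi = port_range
    return lo <= port <= hi


# ---- Security group: allow-only rules, stateful ----
SG = {
    "inbound": [  # (protocol, (from_port, to_port), source_cidr)
        ("tcp", (443, 443), "0.0.0.0/0"),
        ("tcp", (22, 22), "10.0.0.0/16"),       # SSH only from inside the VPC
    ],
    "outbound": [("-1", (0, 65535), "0.0.0.0/0")],  # default: all outbound allowed
}


def sg_allows(sg, direction, proto, port, peer_ip):
    """True if an allow rule matches; there are no deny rules, so no match
    is the implicit deny."""
    for r_proto, r_ports, r_cidr in sg[direction]:
        if r_proto in ("-1", proto) and _port_match(r_ports, port) and _cidr_match(r_cidr, peer_ip):
            return True
    return False


# ---- Network ACL: numbered allow/deny rules, lowest number first, stateless ----
NACL = {
    "inbound": [  # (rule_no, action, protocol, (from_port, to_port), cidr)
        (90, "deny", "-1", (0, 65535), "198.51.100.0/24"),   # block a range (not possible with an SG)
        (100, "allow", "tcp", (443, 443), "0.0.0.0/0"),
        (110, "allow", "tcp", (1024, 65535), "0.0.0.0/0"),   # ephemeral ports: replies to our own outbound
    ],
    "outbound": [
        (100, "allow", "tcp", (1024, 65535), "0.0.0.0/0"),   # replies to inbound clients
        (110, "allow", "tcp", (443, 443), "0.0.0.0/0"),
    ],
}


def nacl_allows(nacl, direction, proto, port, peer_ip):
    """First matching rule by number decides; the implicit final '*' rule denies."""
    for _, action, r_proto, r_ports, r_cidr in sorted(nacl[direction]):
        if r_proto in ("-1", proto) and _port_match(r_ports, port) and _cidr_match(r_cidr, peer_ip):
            return action == "allow"
    return False


def client_https_session(client_ip, client_port):
    """A client at client_ip:client_port connects to the instance on 443.
    For the SG the reply is allowed because the group is stateful; for the
    NACL the reply is a separate outbound packet to the client's ephemeral port."""
    sg_request = sg_allows(SG, "inbound", "tcp", 443, client_ip)
    sg_reply = sg_request                     # tracked connection; outbound rules not consulted
    nacl_request = nacl_allows(NACL, "inbound", "tcp", 443, client_ip)
    nacl_reply = nacl_allows(NACL, "outbound", "tcp", client_port, client_ip)
    return {"sg": sg_request and sg_reply, "nacl": nacl_request and nacl_reply}


if __name__ == "__main__":
    print(client_https_session("203.0.113.7", 51000))   # both allow
    print(client_https_session("198.51.100.9", 51000))  # NACL rule 90 denies, SG would allow
```

Delete the outbound NACL rule 100 and the request is still accepted but every reply is dropped, which is the classic "it works with the default NACL but not with my custom one" symptom.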
TracyDai23 commented 4 years ago

Load Balancer:

Need at least two public subnets in order to create load balancer.

VPC Flow Logs

  1. You cannot enable flow logs for VPCs that are peered with your VPC unless the peer VPC is in your account.
  2. You can tag flow logs.
  3. After you've created a flow log, you cannot change its configuration; for example, you can't associate a different IAM role with the flow log.
  4. Not all IP traffic is monitored:
     4.1 Traffic generated by instances when they contact the Amazon DNS server. If you use your own DNS server, then all traffic to that DNS server is logged.
     4.2 Traffic generated by a Windows instance for Amazon Windows license activation.
     4.3 Traffic to and from 169.254.169.254 for instance metadata.
     4.4 DHCP traffic.
     4.5 Traffic to the reserved IP address for the default VPC router.
TracyDai23 commented 4 years ago

Bastion Host

  1. A NAT Gateway or NAT Instance is used to provide internet traffic to EC2 instances in a private subnets.
  2. A Bastion is used to securely administer EC2 instances (Using SSH or RDP). Bastions are called Jump Boxes in Australia.
  3. You cannot use a NAT Gateway as a Bastion host.

Direct Connect

  1. Direct Connect directly connects your data center to AWS
  2. Useful for high throughput workloads (ie lots of network traffic)
  3. Or if you need a stable and reliable secure connection.

Setup a VPN over a direct connect connection steps:

  1. Create a virtual interface in the Direct Connect console. This is a PUBLIC virtual interface.
  2. Go to the VPC console and then to VPN connections. Create a Customer Gateway.
  3. Create a Virtual Private Gateway
  4. Attach the Virtual Private Gateway to the desired VPC.
  5. Select VPN Connections and create new VPN Connection.
  6. Select the Virtual Private Gateway and the Customer Gateway.
  7. Once the VPN is available, setup the VPN on the customer gateway or firewall. AWS Official Guide to configure a VPN over AWS Direct Connect
TracyDai23 commented 4 years ago

Global Accelerator

  1. AWS Global Accelerator is a service in which you create accelerators to improve availability and performance of your applications for local and global users.
  2. You are assigned two static IP addresses (or alternatively you can bring your own).
  3. You can control traffic using traffic dials. This is done within the endpoint group.

VPC Endpoint

//from AWS guide, what is VPC Endpoint: A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

Endpoints are virtual devices. They are horizontally scaled, redundant, and highly available VPC components. They allow communication between instances in your VPC and services without imposing availability risks or bandwidth constraints on your network traffic.

There are two types of VPC endpoints: interface endpoints and gateway endpoints. Create the type of VPC endpoint required by the supported service.

//LINUX Codes:
ssh ec2-user@ -i MyPvKey.pem
ssh ec2-user@ -i MyPvKey.pem
aws s3 ls // linked to private EC2 instance S3 bucket
echo "test" > test.txt // create a test.txt file
aws s3 cp test.txt s3://

After removing the NAT Gateway but adding a VPC endpoint for the private EC2 instance, we can test the connection to S3 again with the following command:
[root@ip-10-0-2-235 ec2-user] # aws s3 ls --region us-east-1 // have to add region to make it work when using VPC endpoint. This is different from using NAT Gateway.

Currently Gateway Endpoints Support: Amazon S3, DynamoDB

TracyDai23 commented 4 years ago

VPC quiz questions:

  1. Having just created a new VPC and launching an instance into its public subnet, you realise that you have forgotten to assign a public IP to the instance during creation. What is the simplest way to make your instance reachable from the outside world?
     Answer: Create an Elastic IP address and associate it with your instance.
     Explanation: Although creating a new NIC & associating an EIP also results in your instance being accessible from the internet, it leaves your instance with 2 NICs & 2 private IPs as well as the public address and is therefore not the simplest solution. By default, any user-created VPC subnet WILL NOT automatically assign public IPv4 addresses to instances – the only subnets that do this are the "default" VPC subnets automatically created by AWS in your account.

  1. By default, 5 VPCs are allowed in each AWS region
TracyDai23 commented 4 years ago

HA Architecture

//OSI Model: Layer 4: Transport Layer; Layer 7: Application Layer

Bootstrap code:

#!/bin/bash
yum update -y
yum install httpd -y
service httpd start
chkconfig httpd on
cd /var/www/html
echo "<html><h1>This is WebServer 01</h1></html>" > index.html

//(#!/bin/bash ) What exactly is this ? It is known as ‘she-bang‘. This derives from the concatenation of the tokens sharp (#) and bang (!).

Exam tips:

  1. Three types of Load Balancers: Application Load Balancers, Network Load Balancers, and Classic Load Balancers
  2. 504 Error means the gateway has timed out. This means that the application is not responding within the idle timeout period.
  3. Trouble shoot the application. It's either the Web Server or Database Server.
  4. If you need the IPv4 address of your end user, look for the X-Forwarded-For header.
  5. Instances monitored by ELB are reported as: InService, or OutofService
  6. Health Checks check the instance health by talking to it.
  7. Load Balancers have their own DNS name. You are never given an IP address.
  8. Read the ELB FAQ for Classic Load Balancers (do test this part !)
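The X-Forwarded-For tip deserves one practical caveat: the load balancer appends the address it saw to the end of the header, so only the rightmost entry (or the rightmost N entries for N trusted hops) comes from a trusted source; anything further left was supplied by the client and may be forged. The block below is an added example, not ELB or AWS SDK code and not from these notes; the sample header values are constructed.

```python
"""Taking the client address from X-Forwarded-For behind an ELB. The load
balancer appends the address it saw, so the rightmost entry is the only one
the application can trust. Added example, not ELB or SDK code; header values
in the demo are constructed."""
from ipaddress import ip_address


def client_ip_from_xff(xff_header, trusted_proxies=1):
    """Return the client IP as seen by the nearest trusted proxy, or None.
    trusted_proxies is the number of proxy hops (ELB layers) that appended to
    the header before the request reached the application."""
    if not xff_header:
        return None
    parts = [p.strip() for p in xff_header.split(",") if p.strip()]
    if len(parts) < trusted_proxies:
        return None
    candidate = parts[-trusted_proxies]
    try:
        return str(ip_address(candidate))   # rejects non-addresses before they reach logs or ACLs
    except ValueError:
        return None


def naive_first_ip(xff_header):
    """The common mistake: trusting the leftmost value, which the client controls."""
    return xff_header.split(",")[0].strip()


if __name__ == "__main__":
    # Constructed: the client sent a forged XFF value, the ELB appended the real one.
    header = "10.9.9.9, 203.0.113.5"
    print("trusted:", client_ip_from_xff(header))   # 203.0.113.5
    print("naive:  ", naive_first_ip(header))        # 10.9.9.9 (attacker-chosen)
```

Only use the rightmost-N rule when the application is reachable solely through the load balancer; if it can be hit directly, the whole header is untrusted and the TCP peer address is the only reliable source.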
TracyDai23 commented 4 years ago

Advanced Load Balancer Theory

  1. Sticky Sessions enable your user to stick to the same EC2 instance. Can be useful if you are storing information locally to that instance.
  2. Cross Zone Load Balancing enables you to load balance across multiple availability zones.
  3. Path patterns allow you to direct traffic to different EC2 instances based on the URL contained in the request.
TracyDai23 commented 4 years ago

Auto Scaling Counts 3-4 marks in the exam.

HA Architecture (High Availability Architecture) Exam Tips:

  1. Always design for failure.
  2. Use Multiple AZ's and Multiple Regions where ever you can. //For disaster recovery
  3. Know the difference between Multi-AZ and Read Replicas for RDS. //Multi-AZ is for disaster recovery; Read Replicas for RDS is for performance
  4. Know the difference between scaling out and scaling up // Scaling out is to add more instances, like auto-scaling; scaling up is increase scaling volume or calculation power, like from micro to small instance.
  5. Read the question carefully and always consider the cost element. //Meaning do not choose over-killing option per cost consideration
  6. Know the different S3 storage classes. // Mostly used S3 classes: Standard S3 and Standard S3 infrequently access; Not highly available classes are Single-AZ S3, and reduce redundancy storage.
TracyDai23 commented 4 years ago

HA Word Press Site

Use Cron to push changes from the write node to the S3 bucket and push changes from the S3 bucket to the read node.

//Target Groups Each target group is used to route requests to one or more registered targets. When you create each listener rule, you specify a target group and conditions. When a rule condition is met, traffic is forwarded to the corresponding target group. You can create different target groups for different types of requests. For example, create one target group for general requests and other target groups for requests to the microservices for your application.

Cloud Formation is a tool that is accompanied by a step-by-step deployment guide. For the guide, we needed a mechanism to automate the documentation of AWS CloudFormation input parameters that are passed to the template at runtime to control the deployment configuration.

TracyDai23 commented 4 years ago

Elastic Beanstalk //just need to know what it is

With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications. You simply upload your application, and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring.

TracyDai23 commented 4 years ago

Applications

SQS (Simple Queue Service)

Using Amazon SQS, you can decouple the components of an application so they run independently, easing message management between components.

Exam tips:

  1. SQS is pull-based, not pushed-based.
  2. Messages are 256 KB in size.
  3. Messages can be kept in the queue from 1 minute to 14 days; the default retention period is 4 days.
  4. Visibility timeout is the amount of time that the message is invisible in the SQS queue after a reader picks up that message. Provided the job is processed before the visibility timeout expires, the message will then be deleted from the queue. If the job is not processed within that time, the message will become visible again and another reader will process it. This could result in the same message being delivered twice. //so, processing time should be shorter than visibility timeout so that tasks will not be reprocessed.
  5. Visibility timeout maximum is 12 hours.
  6. SQS guarantees that your messages will be processed at least once.
  7. Amazon SQS long polling is a way to retrieve messages from your Amazon SQS queues. While the regular short polling returns immediately (even if the message queue being polled is empty), long polling doesn't return a response until a message arrives in the message queue, or the long poll times out.
  8. Any time you see a scenario based question about "decoupling" your infrastructure - think SQS.

SWF (Simple Workflow Service)

//SWF allows human actions within the process. Amazon uses this service in their warehouses, e.g. when a customer orders a book online: choosing the book and making the payment are all done by code, but human tasks like picking the physical book and packing the package for you can be completed using the SWF service.

Exam tips: SWF vs SQS:

  1. SQS has a retention period of up to 14 days; with SWF, workflow execution can last up to 1 year.
  2. Amazon SWF presents a task-oriented API, whereas Amazon SQS offers a message-oriented API.
  3. Amazon SWF ensures that a task is assigned only once and is never duplicated. With Amazon SQS, you need to handle duplicated messages and may also need to ensure that a message is processed only once.
  4. Amazon SWF keeps track of all the tasks and events in an application. With Amazon SQS, you need to implement your own application-level tracking, especially if your application uses multiple queues.

Exam Tips SWF Actors:

  1. Workflow Starters - An application that can initiate (start) a workflow. Could be your e-commerce website following the placement of an order, or a mobile app searching for bus times.
  2. Deciders - Control the flow of activity tasks in a workflow execution. If something has finished (or failed) in a workflow, a Decider decides what to do next.
  3. Activity Workers - Carry out the activity tasks.
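The SQS visibility-timeout behaviour described above (a job that outlives the timeout gets the same message delivered to another consumer) is the kind of thing a short simulation makes obvious. The block below is an added example and not the SQS client, the service, or code from these notes; it is an in-memory queue with a visibility timeout, a second consumer that polls every 10 seconds, and the ChangeMessageVisibility-style extension that a long-running worker should use. The message body and timings are constructed, and time is passed in explicitly rather than read from a clock so the run is deterministic.

```python
"""Toy in-memory queue with SQS-style visibility timeout, showing why a
consumer that takes longer than the timeout gets the message redelivered
(at-least-once delivery). Added example; not the SQS client or service."""
import uuid


class VisibilityQueue:
    def __init__(self, visibility_timeout):
        self.visibility_timeout = visibility_timeout
        self._messages = {}       # message_id -> (body, invisible_until)
        self.delivery_count = {}  # how many times each message was handed out

    def send(self, body):
        mid = str(uuid.uuid4())
        self._messages[mid] = (body, 0.0)
        self.delivery_count[mid] = 0
        return mid

    def receive(self, now):
        """Short poll: return (receipt, body) for the first visible message and
        hide it until now + visibility_timeout; None if nothing is visible.
        (Real SQS uses a separate receipt handle; the id stands in for it here.)"""
        for mid, (body, invisible_until) in self._messages.items():
            if invisible_until <= now:
                self._messages[mid] = (body, now + self.visibility_timeout)
                self.delivery_count[mid] += 1
                return mid, body
        return None

    def delete(self, receipt):
        """Acknowledge: only a delete removes the message from the queue."""
        self._messages.pop(receipt, None)

    def change_visibility(self, receipt, now, extra):
        """Equivalent of ChangeMessageVisibility: extend before the timeout lapses."""
        body, _ = self._messages[receipt]
        self._messages[receipt] = (body, now + extra)


def run_worker(processing_time, visibility_timeout=30, extend=False):
    """Simulate one worker whose job takes processing_time seconds while a
    second worker polls every 10 s. Returns how many times the single message
    was delivered: 1 means exactly-once in practice, 2 means duplicate work."""
    q = VisibilityQueue(visibility_timeout)
    mid = q.send("resize image 42")
    receipt, _ = q.receive(0.0)
    if extend and processing_time > visibility_timeout:
        q.change_visibility(receipt, 0.0, processing_time + 5)
    other = 10.0
    while other < processing_time:
        got = q.receive(other)
        if got:
            q.delete(got[0])   # the duplicate consumer finishes quickly and acknowledges
        other += 10.0
    q.delete(receipt)          # first worker finally acknowledges (no-op if already gone)
    return q.delivery_count[mid]


if __name__ == "__main__":
    print("20 s job, 30 s timeout:", run_worker(20))               # 1
    print("60 s job, 30 s timeout:", run_worker(60))               # 2, duplicate processing
    print("60 s job, extended:    ", run_worker(60, extend=True))  # 1
```

The design lesson is the one the notes give: either keep processing time under the visibility timeout, extend it while working, or make the consumer idempotent, because SQS only promises at-least-once.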
TracyDai23 commented 4 years ago

SNS

like billing notification alarm sent from AWS. Exam tips: SNS Benefits:

  1. Instantaneous, push-based delivery (no polling)
  2. Simple APIs and easy integration with applications
  3. Flexible message delivery over multiple transport protocols
  4. Inexpensive, pay-as-you-go model with no up-front costs
  5. Web-based AWS Management Console offers the simplicity of a point-and-click interface.

SNS vs SQS?

  1. Both Messaging Services in AWS
  2. SNS - push
  3. SQS - Polls

Elastic Transcoder

API Gateway

Exam tips:

  1. Remember what API Gateway is at a high level
  2. API Gateway has caching capabilities to increase performance
  3. API Gateway is low cost and scales automatically
  4. You can throttle API Gateway to prevent attacks
  5. You can log results to CloudWatch
  6. If you are using Javascript/AJAX that uses multiple domains with API Gateway, ensure that you have enabled CORS (cross-origin resource sharing) on API Gateway.
  7. CORS is enforced by the client(browser)// the client is basically your browser when considering it's a web app.
TracyDai23 commented 4 years ago

Kinesis

//Three major Kinesis products: Kinesis Streams, Kinesis Firehose, and Kinesis Analytics

Exam tips:

  1. Know the difference between Kinesis Streams and Kinesis Firehose. Kinesis Streams contains shards, and while data flows in, data will be saved in shards. Kinesis Firehose has no storage; it processes data while data flows in, and then delivers the processed result to S3 and then to Redshift or other storage.
  2. Understand what Kinesis Analytics is.

Cognito

TracyDai23 commented 4 years ago

Lambda

Exam tips:

  1. Lambda scales out (not up) automatically
  2. Lambda functions are independent, 1 event = 1 function
  3. Lambda is serverless
  4. Services that are serverless: Amazon API Gateway, AWS Lambda, AWS Aurora Serverless, Amazon EventBridge, Amazon SNS, Amazon SQS
  5. Lambda functions can trigger other lambda functions, 1 event can = x functions if functions trigger other functions
  6. Architectures can get extremely complicated, AWS X-ray allows you to debug what is happening
  7. Lambda can do things globally, you can use it to back up S3 buckets to other S3 buckets etc
  8. Know lambda triggers and what cannot trigger lambda, like RDS cannot trigger lambda
TracyDai23 commented 4 years ago

Lambda Lab

//When creating Lambda API Gateway, will need to choose REST API as API Type