AWS Certified Solutions Architect Associate

Exam-01

Categories:

  • Security – weak section.
  • Infrastructure – weak section
  • General and development – Strength
  1. Q3- All About Lambda
    1. https://tutorialsdojo.com/aws-lambda/?src=udemy
    2. https://aws.amazon.com/blogs/startups/from-0-to-100-k-in-seconds-instant-scale-with-aws-lambda/
    3. https://docs.aws.amazon.com/lambda/latest/dg/lambda-edge.html
  2. Q-All About Amazon ElastiCache
  3. All About S3
  4. All About EC2
  5. Q-Amazon API Gateway
  6. FX
  7. Q-glue
  8. Amazon VPC
  9. AWS WAF
  10. Q- CPU utilisation on an RDS instance: CloudWatch collects the CPUUtilization metric for a DB instance from the hypervisor, which is also running other VMs and does a small amount of work itself, so the figure is the hypervisor's view of the guest rather than what is happening inside the instance's OS. RDS Enhanced Monitoring runs an agent on the instance and reports OS-level metrics directly, which gives the clearer picture (the data lands in CloudWatch Logs and is billed at those rates).
    • Note on CloudWatch vs RDS Enhanced Monitoring: CloudWatch can tell you the CPU utilisation of the DB instance as a whole, but it does not show the percentage of CPU bandwidth and the total memory consumed by each database process in your RDS instance; the Enhanced Monitoring process list does.
  11. Security of secrets on EKS
    • Enable KMS envelope encryption of Kubernetes secrets from the EKS cluster configuration (encryptionConfig with resources ["secrets"] and a KMS key ARN); it is disabled by default. It can be turned on at creation or on an existing cluster, but not turned off again; secrets written before it was enabled stay unencrypted in etcd until they are rewritten, and the KMS key must remain enabled for the life of the cluster.
    • Note: AWS Secrets Manager is a powerful tool for managing secrets, but it does not address encrypting the data held in the etcd key-value store of an EKS cluster. Secrets Manager is about storing, rotating and retrieving secrets, not about encrypting etcd.
    • KMS vs Secrets Manager
      • AWS KMS (Key Management Service): use it when the goal is data encryption. For example, if you want to encrypt an S3 bucket, an EBS volume or specific fields in your database, KMS provides the key that performs the encryption/decryption. It does not "know" your database password; it only knows how to encrypt the data you give it.
      • AWS Secrets Manager: use it when the goal is credential management. Its primary value is solving the "hardcoded password" problem. Unlike KMS, it can actively talk to other services (such as Amazon RDS) to change passwords on a schedule (rotation) without you having to update application code by hand. It uses KMS behind the scenes to encrypt the secret values it stores.
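As an added example (not the page's own code) of the first bullet, a small Python audit that reports which clusters still keep Kubernetes secrets unencrypted in etcd and turns envelope encryption on where it is missing. It takes the EKS client as a parameter (boto3.client("eks") in real use); the FakeEks class and its cluster names, account id and key id are constructed placeholders so the logic runs offline.

```python
"""Audit, and optionally enable, KMS envelope encryption of Kubernetes
secrets on EKS clusters.

Added example, not code from the original notes. The functions take an EKS
client object (boto3.client("eks") in real use) as a parameter so the logic
can also run offline against the FakeEks stand-in below; cluster names,
the account id and the key id are made-up placeholders.
"""
import re

# KMS key ARN shape: region, 12-digit account id, 36-character key id.
KEY_ARN_RE = re.compile(r"^arn:aws:kms:[a-z0-9-]+:\d{12}:key/[0-9a-f-]{36}$")


def build_encryption_config(key_arn: str) -> list:
    """Return the encryptionConfig list EKS expects. Only the "secrets"
    resource type exists, so there is always exactly one entry."""
    if not KEY_ARN_RE.match(key_arn):
        raise ValueError(f"not a KMS key ARN: {key_arn!r}")
    return [{"resources": ["secrets"], "provider": {"keyArn": key_arn}}]


def secrets_encryption_key(cluster: dict):
    """KMS key ARN protecting secrets, or None if etcd holds them in plaintext.
    `cluster` is the "cluster" member of a describe_cluster response."""
    for cfg in cluster.get("encryptionConfig") or []:
        if "secrets" in cfg.get("resources", []):
            return cfg.get("provider", {}).get("keyArn")
    return None


def audit_clusters(eks) -> dict:
    """Map every cluster name to its secrets key ARN (None = unencrypted)."""
    result, token = {}, None
    while True:
        page = eks.list_clusters(**({"nextToken": token} if token else {}))
        for name in page["clusters"]:
            cluster = eks.describe_cluster(name=name)["cluster"]
            result[name] = secrets_encryption_key(cluster)
        token = page.get("nextToken")
        if not token:
            return result


def enable_secrets_encryption(eks, name: str, key_arn: str) -> bool:
    """Turn on envelope encryption for a cluster that lacks it; True if a
    change was requested, False if a key was already configured.

    Caveats: enabling is one-way (EKS will not remove the key again),
    disabling or deleting the KMS key afterwards leaves the cluster
    unrecoverable, and secrets created before enabling stay in plaintext
    until rewritten (kubectl get secrets -A -o json | kubectl replace -f -).
    """
    if secrets_encryption_key(eks.describe_cluster(name=name)["cluster"]):
        return False
    eks.associate_encryption_config(
        clusterName=name, encryptionConfig=build_encryption_config(key_arn)
    )
    return True


# Placeholder key ARN (made-up account id and key id).
EXAMPLE_KEY = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"


class FakeEks:
    """Offline stand-in for boto3.client("eks") with constructed responses."""

    def __init__(self):
        self.clusters = {
            "prod": {"name": "prod", "encryptionConfig": [
                {"resources": ["secrets"], "provider": {"keyArn": EXAMPLE_KEY}}]},
            "dev": {"name": "dev"},   # no encryptionConfig: secrets in plaintext
        }
        self.calls = []   # records associate_encryption_config requests

    def list_clusters(self, **kwargs):
        return {"clusters": sorted(self.clusters)}

    def describe_cluster(self, name):
        return {"cluster": self.clusters[name]}

    def associate_encryption_config(self, clusterName, encryptionConfig):
        self.calls.append((clusterName, encryptionConfig))
        self.clusters[clusterName]["encryptionConfig"] = encryptionConfig
        return {"update": {"status": "InProgress"}}


if __name__ == "__main__":
    eks = FakeEks()   # swap for boto3.client("eks") to run against real clusters
    print("before:", audit_clusters(eks))
    enable_secrets_encryption(eks, "dev", EXAMPLE_KEY)
    print("after: ", audit_clusters(eks))
```

The audit is the part worth running regularly: a cluster that shows None here has every Kubernetes Secret readable by anyone who can read the etcd backup or the control-plane storage, regardless of how well Secrets Manager is used elsewhere.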
  12. All about EKS:
  13. Storage gateways:
Gateway type            | Protocol    | AWS backend                 | Primary use case
S3 File Gateway         | NFS, SMB    | Amazon S3                   | Migrating on-premises data to S3 or using S3 as a file share
FSx File Gateway        | SMB         | FSx for Windows File Server | Low-latency on-premises access to Windows file shares held in FSx for Windows File Server
Volume Gateway (Cached) | iSCSI       | Amazon S3                   | Scaling local block storage by keeping only active data locally and the rest in the cloud
Volume Gateway (Stored) | iSCSI       | Amazon S3                   | Maintaining primary data locally for ultra-low latency while backing up to AWS as EBS snapshots
Tape Gateway            | iSCSI (VTL) | Amazon S3 and S3 Glacier    | Replacing physical tape libraries with virtual tapes in the cloud
  1. Note: cost-effective private access to AWS services from a VPC: for S3 and DynamoDB use a gateway VPC endpoint (a route-table entry, no hourly or per-GB charge); for every other supported service use an interface endpoint (AWS PrivateLink), which is billed per hour per AZ and per GB processed.
    • [Thought Process] –
      1. Events Generation & integration:
        • RDS event subscription: RDS event subscriptions notify about operational changes to the database resource itself (instance creation, maintenance patching, failover, storage scaling, backup and parameter-group events) rather than about the data stored inside its tables. They do not capture INSERT, UPDATE or DELETE statements.
          • To generate an event on a row change (CDC) from the database itself: on Aurora MySQL call the lambda_sync/lambda_async native functions (or the older mysql.lambda_async stored procedure) from a trigger; on Aurora PostgreSQL and RDS for PostgreSQL use the aws_lambda extension. Either way the cluster needs an IAM role that is allowed lambda:InvokeFunction on the target function.
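Added example, not from the notes: the Aurora MySQL trigger in the docstring calls the lambda_async native function with a JSON row payload, and the Python Lambda handler below validates that payload and de-duplicates retried deliveries. The `orders` table, function ARN, account id and field names are made up.

```python
"""Lambda handler for row-change events sent by an Aurora MySQL trigger.

Added example, not code from the original notes. The trigger shown in
this docstring is Aurora MySQL syntax; the `orders` table, the function
ARN, the account id and the field names are made-up placeholders.

    -- Hypothetical trigger. Prerequisites: the cluster's aws_default_lambda_role
    -- parameter names an IAM role allowed lambda:InvokeFunction on this ARN,
    -- and the SQL user has GRANT INVOKE LAMBDA ON *.*.
    DELIMITER ;;
    CREATE TRIGGER orders_after_insert AFTER INSERT ON orders
    FOR EACH ROW
    BEGIN
      SELECT lambda_async(
        'arn:aws:lambda:us-east-1:111122223333:function:orders-cdc',
        JSON_OBJECT('op', 'INSERT', 'table', 'orders', 'id', NEW.id,
                    'status', NEW.status, 'amount', NEW.amount, 'ts', NOW(6))
      ) INTO @rc;
    END;;
    DELIMITER ;

Matching AFTER UPDATE and AFTER DELETE triggers (using OLD.* for DELETE)
cover the three statement types that RDS event subscriptions never report.
"""
import hashlib
import json

ALLOWED_OPS = {"INSERT", "UPDATE", "DELETE"}
REQUIRED = ("op", "table", "id", "ts")


def change_key(event: dict) -> str:
    """Stable de-duplication id. lambda_async is fire-and-forget and the
    asynchronous Lambda path retries on error, so one row change can be
    delivered more than once; the handler must be idempotent."""
    raw = "|".join(str(event[k]) for k in ("table", "id", "op", "ts"))
    return hashlib.sha256(raw.encode()).hexdigest()[:32]


def normalise(event: dict) -> dict:
    """Validate the trigger payload and turn it into a change record.
    Anything the trigger did not promise is rejected rather than passed on."""
    missing = [k for k in REQUIRED if k not in event]
    if missing:
        raise ValueError(f"payload missing {missing}")
    if event["op"] not in ALLOWED_OPS:
        raise ValueError(f"unexpected op {event['op']!r}")
    return {
        "key": change_key(event),
        "table": event["table"],
        "op": event["op"],
        "id": event["id"],
        "ts": event["ts"],
        "fields": {k: v for k, v in event.items() if k not in REQUIRED},
    }


def lambda_handler(event, context, seen=None):
    """Lambda entry point. `seen` is the idempotency store: a set here, a
    DynamoDB conditional put (or similar) in a real deployment."""
    if isinstance(event, str):   # defensive: payload may arrive as raw JSON text
        event = json.loads(event)
    record = normalise(event)
    if seen is not None:
        if record["key"] in seen:
            return {"status": "duplicate", "key": record["key"]}
        seen.add(record["key"])
    # Downstream would publish `record` to a queue or stream; returned here.
    return {"status": "ok", "record": record}


# Constructed sample delivery, including a retried copy of the first event.
SAMPLE_EVENTS = [
    {"op": "INSERT", "table": "orders", "id": 42, "status": "NEW",
     "amount": "19.90", "ts": "2024-05-01 10:00:00.000001"},
    {"op": "UPDATE", "table": "orders", "id": 42, "status": "PAID",
     "amount": "19.90", "ts": "2024-05-01 10:00:07.000123"},
    {"op": "INSERT", "table": "orders", "id": 42, "status": "NEW",
     "amount": "19.90", "ts": "2024-05-01 10:00:00.000001"},
    {"op": "DELETE", "table": "orders", "id": 42, "status": "PAID",
     "amount": "19.90", "ts": "2024-05-01 10:05:00.000000"},
]


def process_batch(events, seen=None) -> list:
    """Run the handler over a batch and return the per-event status."""
    seen = set() if seen is None else seen
    return [lambda_handler(e, None, seen)["status"] for e in events]


if __name__ == "__main__":
    print(process_batch(SAMPLE_EVENTS))   # ['ok', 'ok', 'duplicate', 'ok']
```

Two points the trigger approach forces you to think about: the database now holds an invoke permission, so scope the role to the one function ARN, and a trigger that fails (lambda_sync) or silently drops (lambda_async) affects the transaction, so keep the payload small and the handler tolerant of replays.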
  2. Q-All on RDS/AURORA
  3. Q-Securing MySQL and PostgreSQL:
    • IAM database authentication works with MySQL and PostgreSQL (RDS and Aurora). With this method you do not use a password when you connect to a DB instance; instead you present an authentication token, a SigV4-signed request generated with IAM credentials that is valid for 15 minutes. The DB user must be set up for it (MySQL: CREATE USER ... IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS'; PostgreSQL: GRANT rds_iam TO the role) and the caller needs rds-db:connect on the instance's DbiResourceId/user resource.
      • IAM database authentication provides the following benefits:
        1. Network traffic to and from the database is encrypted using SSL/TLS (the token is only accepted over an encrypted connection).
        2. You can use IAM to centrally manage access to your database resources, instead of managing access individually on each DB instance.
        3. For applications running on Amazon EC2, you can use the instance profile credentials of the EC2 instance to obtain tokens instead of storing a password, for greater security.
      • Caveat: IAM authentication covers the connection handshake only and is throttled (AWS documents a limit of about 200 new connections per second), so use a connection pool and generate a fresh token before opening new connections rather than authenticating per query.
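Added example, not code from the notes: what the "authentication token" actually is, built by hand. It re-implements boto3's rds.generate_db_auth_token() with hmac/hashlib (SigV4 query-string signing of a GET https://host:port/?Action=connect request for the rds-db service), plus a freshness check and the least-privilege IAM policy that goes with it. Host, user, region, account id, DbiResourceId and credentials are placeholders.

```python
"""Generate an RDS IAM database authentication token without the SDK.

Added example, not code from the original notes. boto3's
rds.generate_db_auth_token() produces the same string; this rebuilds it
with hmac/hashlib to show what the "token" is: a SigV4 presigned URL
(scheme stripped) for the rds-db:connect action, which the database hands
to IAM to verify. Host, user, region, account and credentials below are
placeholders.
"""
import datetime as dt
import hashlib
import hmac
from urllib.parse import quote

TOKEN_TTL = 900   # seconds; RDS rejects the token 15 minutes after X-Amz-Date
SERVICE = "rds-db"
# Fixed signing time so the printed token is reproducible; drop `now=` in real use.
EXAMPLE_NOW = dt.datetime(2024, 5, 1, 10, 0, tzinfo=dt.timezone.utc)


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signing_key(secret_key: str, date: str, region: str) -> bytes:
    k = _hmac(("AWS4" + secret_key).encode(), date)
    k = _hmac(k, region)
    k = _hmac(k, SERVICE)
    return _hmac(k, "aws4_request")


def generate_db_auth_token(host, port, db_user, region, access_key, secret_key,
                           session_token=None, now=None) -> str:
    """SigV4 query-string signing of GET https://host:port/?Action=connect."""
    now = now or dt.datetime.now(dt.timezone.utc)
    amz_date, date = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    scope = f"{date}/{region}/{SERVICE}/aws4_request"
    params = {
        "Action": "connect",
        "DBUser": db_user,
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(TOKEN_TTL),
        "X-Amz-SignedHeaders": "host",
    }
    if session_token:   # temporary credentials (instance profile, assumed role)
        params["X-Amz-Security-Token"] = session_token
    canonical_qs = "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                            for k, v in sorted(params.items()))
    host_header = f"{host}:{port}"
    canonical_request = "\n".join([
        "GET", "/", canonical_qs,
        f"host:{host_header}\n",              # canonical headers + blank line
        "host",                               # signed headers
        hashlib.sha256(b"").hexdigest(),      # hash of the empty body
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    signature = hmac.new(_signing_key(secret_key, date, region),
                         string_to_sign.encode(), hashlib.sha256).hexdigest()
    return f"{host_header}/?{canonical_qs}&X-Amz-Signature={signature}"


def token_is_fresh(token: str, now=None) -> bool:
    """True while the token can still open a new connection. Sessions that
    are already established are unaffected by expiry; only new connections
    need a freshly generated token."""
    qs = dict(p.split("=", 1) for p in token.split("?", 1)[1].split("&"))
    signed_at = dt.datetime.strptime(qs["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
    signed_at = signed_at.replace(tzinfo=dt.timezone.utc)
    now = now or dt.datetime.now(dt.timezone.utc)
    return now < signed_at + dt.timedelta(seconds=int(qs["X-Amz-Expires"]))


def connect_policy(region, account_id, dbi_resource_id, db_user) -> dict:
    """Least-privilege IAM policy for one DB user on one instance. The ARN
    carries the instance's DbiResourceId (db-XXXX), not its identifier."""
    arn = f"arn:aws:rds-db:{region}:{account_id}:dbuser:{dbi_resource_id}/{db_user}"
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "rds-db:connect", "Resource": arn}]}


if __name__ == "__main__":
    # Placeholder credentials; in practice they come from the instance profile.
    token = generate_db_auth_token("db.example.com", 3306, "app_user", "us-east-1",
                                   "AKIAIOSFODNN7EXAMPLE",
                                   "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
                                   now=EXAMPLE_NOW)
    print(token)
    # mysql --host=db.example.com --port=3306 --ssl-mode=VERIFY_IDENTITY \
    #   --enable-cleartext-plugin --user=app_user --password="$TOKEN"
```

The token is passed where the password would go (for the mysql client with --enable-cleartext-plugin over TLS; for psql as PGPASSWORD with sslmode=verify-full), and nothing secret is inside it: it is a signature over host, port, user and time, so a leaked token is useless after 15 minutes and only ever works for that one user on that one endpoint.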
  4. All about RDS
  5. Q-EFS VS EBS VS S3
  6. Q-AWS Lake Formation is integrated with AWS Glue, which you can use to create a data catalog that describes the available datasets and their appropriate business applications. Lake Formation lets you define policies and control data access with simple grant and revoke permissions on data sets at a granular level. You can assign permissions to IAM users, roles, groups and Active Directory users via federation. You specify permissions on catalog objects (such as tables and columns) rather than on buckets and objects.
  7. Q-All about AWS Lake :
  8. Q-All about IAM
  9. AWS Shield Advanced also gives you 24×7 access to the AWS Shield Response Team (SRT, formerly the DDoS Response Team, DRT) and cost protection against DDoS-related usage spikes in your Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator and Amazon Route 53 charges.
    • AWS Firewall Manager is mainly used to simplify AWS WAF administration and maintenance across multiple accounts and resources (it can also roll out Shield Advanced protections and security-group policies centrally). It is a management layer, not a DDoS mitigation service itself; the mitigation comes from Shield Standard/Advanced.
  10. Q-DDos White paper
  11. DMS :
  12. BeanStalk
  13. Cloudwatch

Published by


sevanand yadav

software engineer working as a web developer, specialising in Spring MVC with MySQL and Hibernate
