Notes
Services
Scenario
Access S3 From Mobile App
The online auditing system needs to access certain AWS resources in your network to perform the
audit.
Handle rapid influx of incoming traffic in the most cost-effective way
Handle high number of write operations on database tier
Amazon Mechanical Turk can send a notification to
Mobile phone push notification
EBS boot volume for EC2 instance
Redshift fast-running queries won't get stuck in queues behind long-running group queries.
CloudFront - deliver content over HTTPS using your own domain name
your own domain name in CloudFront is not required.
Public certificates generated from ACM can be used on Amazon CloudFront, Elastic Load Balancing,
or Amazon API Gateway but not directly on EC2 instances unlike private certificates.
real-time data collection such as video, audio, application logs, website clickstreams, and IoT
telemetry data for machine learning, analytics
POSIX-compliant shared file storage
Grant Access to User-Specific Folders in an Amazon S3 Bucket
Cache supports multiple cores or threads
Amazon EC2 uses an instance profile as a container for an IAM role
Block the series of attacks coming from a set of determined IP ranges
To diagnose and troubleshoot problems on Amazon EC2 Linux and Windows Server instances.
Prevent anyone from bypassing CloudFront and using the direct Amazon S3 URLs
When I/O performance is more important than fault tolerance; stripe multiple volumes together
When fault tolerance is more important than I/O performance, mirror two volumes together
Secure Desktop-as-a-Service (DaaS)
CloudFormation templates which are regularly updated to map the latest AMI IDs
You can deploy AWS WAF on Amazon CloudFront as part of your CDN solution, the
Application Load Balancer that fronts your web servers or origin servers running on EC2, or Amazon
API Gateway for your APIs.
ECS - use security groups and standard network monitoring tools at the container level
If VPC Lambda function requires Internet access
To route domain traffic to an ELB load balancer
To migrate EC2 instance from one region to another, and use its same PEM key
An SCP does not grant any permissions. Instead, SCPs are JSON policies that specify the maximum
permissions for an organization or organizational unit (OU). The SCP limits permissions for entities
in member accounts, including each AWS account root user.
KMS helps to encrypt data up to 4 KB. If it's more than 4 KB, use envelope encryption.
S3 - no file should have a public read nor public write access.
To deploy applications to the cloud and also launch the required AWS resources automatically
A network device that supports Border Gateway Protocol (BGP) and BGP MD5 authentication is
needed to establish a Direct Connect link from your data center to your VPC.
Only one virtual private gateway (VGW) can be attached to a VPC at a time
Route 53 health for private hosted zone, don’t have direct access to resources in private subnet
Possible Answer
IAM Role. STS actions such as "AssumeRole", "AssumeRoleWithSAML", and "AssumeRoleWithWebIdentity"
Create a new IAM role for cross-account access which allows the online auditing system account to assume the role. Assign it
that allows only the actions required for the compliance audit
SQS
SQS
SQS or SNS
Amazon SNS mobile push
General Purpose SSD (gp2)/Provisioned IOPS (io1)
Redshift workload management (WLM)
1) use a certificate that was issued by a trusted certificate authority (CA) such as Comodo, DigiCert, Symantec or other third-party providers.
2) use a certificate provided by AWS Certificate Manager (ACM)
If the origin is not an ELB load balancer, such as Amazon EC2, the certificate must be issued by a trusted CA such as Comodo, DigiCert, Symantec or other third-party providers.
If your origin is an ELB load balancer, you can also use a certificate provided by ACM.
SSL/TLS certificate provided by AWS Certificate Manager (ACM), or import a certificate from a third-party certificate authority
or the IAM certificate store.
default CloudFront certificate
Kinesis
EFS
IAM Policies
Memcached
NACL
EC2Rescue
Origin access identity (OAI)
RAID 0
RAID 1
Amazon WorkSpaces
Use CloudFormation with Systems Manager Parameter Store
Daily automatic backups
Manual backups using Redis append-only file (AOF)
Setting up a Multi-AZ with automatic Failover
AWSELB
AWS Direct Connect gateway to connect your AWS Direct Connect connection over a private virtual interface to one or more
your account that are located in the same or different Regions.
Global DynamoDB table by choosing your preferred AWS region, enabling the DynamoDB Streams option and creating replica
the other AWS regions where you want to replicate your data.
Secrets Manager
Systems Manager Parameter Store
OpsWorks with Auto Healing capability enabled
Use awsvpc network mode in the task definition in Amazon ECS Cluster
Add a NAT gateway to your VPC and ensure the associated security group of the Lambda function allows outbound connections
Amazon Route 53 alias record
Copy the AMI of your EC2 machine to your new region and start up an instance using the AMI.
Enabling Amazon S3 Block Public Access in the S3 bucket
AWS CloudFormation, AWS Elastic Beanstalk
Create a CloudWatch metric and associate an alarm for the private subnet EC2. Monitor that alarm.
For Amazon S3 REST API calls, you have to include the following HTTP Request Headers: x-amz-server-side-encryption-customer-algorithm, x-amz-server-side-encryption-customer-key, x-amz-server-side-encryption-customer-key-MD5
For presigned URLs, you should specify the algorithm using the x-amz-server-side-encryption-customer-algorithm request hea
Set up AWS Service Catalog to tag the provisioned resources with corresponding unique identifiers for portfolio, product, and
Set up the CloudFormation Resource Tags property to apply tags to certain resource types upon creation.
Services
Amazon Macie
QuickSight
Amazon GuardDuty
Amazon Connect
Amazon Lex
Amazon CloudSearch
CloudHSM
Amazon MQ
Amazon WorkDocs
Direct Connect Gateway
Direct Connect Link Aggregation Groups (LAG)
CodeCommit
Uses
Security service that uses machine learning to automatically discover, classify, and protect sensitive data (personally identifiab
visualize the reports
threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS acco
provides a seamless omnichannel experience through a single unified contact center for voice and chat.
service for building conversational interfaces into any application using voice and text.
managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for y
managed hardware security module (HSM) in the AWS Cloud that handles encryption keys
managed message broker service for Apache ActiveMQ; it uses industry-standard APIs and protocols for messaging including J
MQTT, and WebSocket.
A fully managed application streaming service. You centrally manage your desktop applications on AppStream 2.0 and securel
computer.
Build serverless visual workflow to orchestrate your Lambda functions
Can also integrate with EC2, ECS, On premise servers, API Gateway
Coordinate work amongst applications
Run batch jobs as Docker images, managed compute environment
Application testing service for your mobile and web applications.
Test across real browsers and real mobile devices.
A fully managed, secure content creation, storage, and collaboration service. With Amazon WorkDocs, you can easily create, e
because it’s stored centrally on AWS, access it from anywhere on any device.
Direct Connect to one or more VPC in many different regions (same account, cross account)
Get increased speed and failover by summing up existing Direct Connect connections into a logical one
Integration with SNS/Lambda - delete branch/ pushes to master branch/code base analysis
CW event rules - Pull request updates (failed pipeline)
Triggers - code related events
Notification - pull request events B41- cw