
AWS SAA

Networking and content delivery

Route53
- DNS in AWS
- A records map a domain name to an IP
- CNAME records map 1 domain name to another, e.g. http://m.example.com to http://mobile.example.com
- Alias is similar to CNAME but it allows for mapping the naked domain, e.g. http://example.com, while CNAME does not. ELB doesn't resolve to an IP address (always to a domain name), so Alias records are very helpful here
- Amazon charges you for CNAME record requests, but not for Alias requests
- By default you can have 50 registered domains; if you need more you can get them after contacting Amazon support
- Routing policies
  - Simple Routing Policy: the default one; good if you have a single resource, e.g. 1 web server
  - Weighted: e.g. 20% goes to server 1 and 80% to server 2
  - Latency: allows you to route traffic based on the lowest network latency
  - Failover: detects a failover and redirects traffic to the secondary server; requires creation of a health check
  - Geolocation: based on the geographic location (continents, countries or only US states); helpful when you want, for example, to present one version of a website for all Europeans and another version for all Africans

CloudFront
- Distributes content via Amazon's CDN (low latency and high data transfer rates) from edge locations
- edge location - place from where the content is served
- origin - source of the content which will be cached; the origin may actually be your non-AWS server - CloudFront will still work
- Distribution - name given to the CDN which consists of a collection of edge locations; the distribution name is: [random string].cloudfront.net
- you can cache web content or streaming RTMP
- it isn't only for reading content. You can write to it also: when you PUT a new object to an edge location, the edge location will update your bucket
- Objects are cached for the TTL; you set it up using "Default TTL"; TTL is always in seconds
- using "Path Pattern" you can set a regular expression for what should be cached, e.g. *.pdf
- You can delete a distribution by firstly disabling it and then deleting it
- if you want to serve images from CloudFront rather than from S3 via Apache on EC2, you have to change a setting in httpd.conf to AllowOverwrite All
- Geo-Restrictions: 2 types - you can whitelist/blacklist
- Pre-signed URLs and Pre-signed cookies: you may use pre-signed URLs in the following scenario. You have a website with photos (stored on S3) and you don't want to share the photos directly but rather you want people to visit your website and see the pictures there (e.g. because of displaying ads to people). With normal S3 storage other websites can directly link to the photos without reaching your website. If you use pre-signed URLs then it is impossible to refer to a photo directly. People can only see it on your website.

WAF = Web Application Firewall
- You can set up multiple restrictions

VPC = Virtual Private Cloud
- Virtual data center
- By default you can have 5 VPCs in one region and 200 subnets per VPC
- you can have only one virtual gateway per VPC
- Once a VPC is set to Dedicated hosting, it is not possible to change the VPC or the instances to Default hosting. You must re-create the VPC.
- Security groups don't span across VPCs (if you created a security group in VPC1 it will not be visible in VPC2)
- Security Groups are stateful, but ACLs are stateless
- Subnets (Configuration)
  - 1 subnet = 1 availability zone
  - the first 4 IPs and the last one of the subnet (5 in all) cannot be used
  - by default each newly created subnet is associated with the main route table
  - by default newly created subnets have no auto-assign public IP - you have to turn it on manually if you want to access resources in this subnet from the public internet
  - a public subnet has at least one route that uses an internet gateway in its route table
  - a Load balancer in a VPC requires at least 2 public subnets
- Network ACL
  - created by default (allows all in and out traffic). But if you create your own one it has a rule DENY everything.
  - you can associate a subnet to only ONE Network ACL
  - you can block addresses using ACLs (NOT via Security Groups)
  - Remember to specify a 'Custom TCP' outbound rule with a port range (it is required for ephemeral ports - the ports open on the client side; e.g. on the client side you're using 1050 as the ephemeral port and 80 as the destination port)
- NAT
  - NAT Gateway - for IPv4 NAT; you should have 1 gateway per availability zone; a NAT gateway is not associated with security groups (while NAT instances are)
  - You can use an EC2 instance as a NAT GW too. If you are bottlenecking, increase the instance size
  - Egress Only Internet Access - for IPv6; works as a NAT gateway
  - Source/destination checks - that means that each instance has to be either a source or a destination. This is set by default. However you have to change it if you want to use NAT
- VPC endpoints
  - 2 types: Elastic Network Interface, Gateway
  - accessing any AWS service through a VPC endpoint within one region is done using private IPs
  - they're used for accessing other AWS services behind the gateway (like to a different department, but in the same enterprise network)
- VPC peering = connecting 2 VPCs via a direct link using private IP addresses (something like VLANs - the VPCs behave as if they are in the same network)
  - There's NO transitive peering - VPCs can communicate only with directly connected VPCs
  - you can connect VPCs owned by different accounts
  - VPC peering does not support edge to edge routing.
- VPC Flow Logs
  - capture logs about the traffic; those logs can be viewed in CloudWatch Logs
  - Can be created on 3 levels: VPC, Subnet, Network Interface Level
  - You can stream captured logs e.g. to Lambda and react to the traffic
  - Flow logs between VPCs are ONLY possible if both VPCs are under ONE account
  - you cannot tag a flow log
  - After creating a flow log you cannot change its configuration, e.g. you cannot assign a new IAM role
  - Not all traffic is monitored. Exceptions are: Amazon DNS traffic (however if you have your own DNS server then it is logged), traffic from a Windows instance for Amazon Windows license activation, traffic to and from 169.254.169.254, DHCP traffic, traffic to the reserved IP of the default VPC router
- Direct connect
  - your physical data centers are connected using a dedicated telephone line (e.g. for security reasons, higher reliability, lower costs if you're sending large volumes of data; gives you higher network bandwidth (1 or 10 GB/s))
  - uses Ethernet VLAN Trunking (802.1Q)

Messaging

SQS = Simple Queue Service
- SQS is a pull-based system
- Creates a job queue. E.g. making a meme can be a job: once you upload a photo the EC2 adds some funny text to it. Even if the EC2 dies, the job is still kept in the queue, so when a new EC2 appears it can take this job and create the meme.
- Keeping jobs in a queue (independently from other system components) resolves the issue that arises if the producer is producing work faster than the consumer can process it.
- Visibility Time Out - amount of time that the message is invisible in the queue (a message taken from the queue becomes invisible - if processed then it is deleted, if not then it becomes visible again). Maximum VTO is 12 hours.
- message size = 256 KB
- messages can be kept in a queue from 1 minute to 14 days (default is 4 days)
- long polling doesn't return a response until a new message appears in the queue (as opposed to short polling)
- 2 types of queues
  - standard (default): generally works as FIFO but occasionally some messages can be delivered out of order (but the delivery is guaranteed)
  - FIFO queues: guarantee the order and delivery; limited to 300 transactions per second
- You can put auto-scaling on your SQS. Once x jobs are sitting in the queue, a new EC2 instance is launched automatically to handle the new jobs

SNS = Simple Notification Service
- SNS is push-based
- Sends an email or text message to you when a specified event occurred
- Messages in SNS are stored across multiple availability zones
- allows you to group multiple recipients using topics, e.g. you can group iOS and Android recipients and when you publish once to this topic SNS delivers appropriately formatted copies to each subscriber

SES = Simple Email Service
- Sends and receives emails.

Databases

RDS = Relational Database Service
- for OLTP
- supports: SQL, MySQL, Oracle, PostgreSQL, Aurora, MariaDB
- OLTP (Online Transaction Processing): e.g. pull up a row where order_id=159
- OLAP (Online Analytics Processing) - it pulls a large amount of records; used for data warehousing. E.g. you want to count the net income of the EMEA and US regions, then you need to have the sum of: sold products from EMEA and US, unit cost of each product, sales price of each product etc.
- Amazon currently doesn't support increasing storage on a SQL Server DB instance
- to scale RDS (increase the size) you have to manually restore a snapshot with a bigger size or add a read replica. DynamoDB has a scale "push button" and the process of scaling is automatic
- the maximum provisioned IOPS capacity on an Oracle and MySQL RDS instance (using provisioned IOPS) is 30,000 IOPS
- the maximum size RDS volume you can have by default using Amazon RDS Provisioned IOPS storage with MySQL and Oracle database engines is 6 TB
- Backups
  - Automated backups
    - Enabled by default
    - backups are taken in a defined time window and during a backup you may experience latency
    - It takes a daily DB snapshot and stores transaction logs throughout the day. This allows you to recover a DB to any point in time within the retention period (it can be from 1 to 35 days)
    - The backup is stored in an automatically created S3 bucket. If your RDS DB is 10 GB big then a 10 GB S3 bucket is created for free
  - Database snapshot
    - Unlike automated backups they are stored EVEN AFTER deleting the RDS instance
  - Restored instance is always a NEW RDS instance with a new endpoint
- Multi-AZ
  - It allows you to have an exact copy of the production DB in a different Availability Zone. Both DBs are automatically synchronised, so if one fails then the other one comes live.
  - if there's a planned maintenance window then RDS will automatically switch and then come live again without the administrator's action
  - Multi-AZ is only for Disaster Recovery, not for improving performance (for this you need Read Replicas)
  - when using multiple availability zones, you cannot use the secondary database as an independent read node
- Read Replica
  - you have multiple DBs which are synchronised with each other, improving performance (e.g. each instance of a web server is connected with an RDS instance)
  - The other possible purpose is to take a replica of your production for dev purposes
  - Supported only by MySQL, PostgreSQL, MariaDB
  - It requires enabled automatic backup
  - You can have up to 5 replicas of a DB only in the same region
  - You can have a read replica in a 2nd region, however ONLY for MySQL and MariaDB
  - Each replica has its own DNS endpoint
  - Read replicas can become normal DBs (with write permission)
  - Read Replicas CANNOT have Multi-AZ, HOWEVER you can have read replicas of Multi-AZ source DBs
  - Read replicas of read replicas are possible but may cause latency problems, because of the asynchronous algorithm of synchronization
  - Aurora replicas (up to 15) - provide automatic failover
  - MySQL replicas (up to 5) - do NOT provide automatic failover
- Aurora - MySQL compatible (but provides up to 5 times better performance)
  - 2 copies of your data in each AZ, with a minimum of 3 AZs = 6 copies of your data
  - self-healing - automatically scans disks for errors and repairs them

DynamoDB
- NoSQL DB
- Stored on SSD
- is fast
- good for gaming, IoT, etc.
- collection = table; document = row; key value pairs = field
- Automatically spreads across 3 geographically different data centres (the user cannot specify which specific AZs should be used)
- by default it uses Eventual Consistent Reads (consistency across all copies is reached within 1 second); Strongly Consistent Reads are also available
- DynamoDB allows for the storage of large text and binary objects, but there is a limit of 400 KB.
- Allows automatic scaling up without any downtime (as opposed to RDS)
- Pricing
  - Storage costs (per GB)
  - Write throughput (per 10 units); expensive for writes
  - Read throughput (per 50 units); cheap for reads

Elasticache
- caching top objects to improve availability
- uses 2 open source caching engines: Memcached, Redis

Redshift
- Data warehouse solution
- for OLAP
- single node = 160 GB
- you can use multi-node
  - Leader node (receives queries)
  - compute nodes (store data and compute queries)
  - can be up to 128 compute nodes
- uses Columnar Data Storage - processing only the columns which are involved in a query
- good for aggregated queries
- Advanced Compression - columnar data can be compressed more effectively than row based data (it stores the same type of data)
- Massively Parallel Processing - automatically distributes data across all nodes
- uses a 1024KB (1MB) block size for its columnar storage
- Available only in 1 AZ
- Pricing
  - is based on Compute Node Hours = 1 unit per node per hour
  - charged only for compute nodes
  - you are charged for backup
  - you are charged for data transfer within the VPC
- Security
  - by default Redshift takes care of key management (but you can change it to AWS KMS or manage keys through HSM)
  - in transit SSL
  - at rest AES 256

Storage

S3 = Simple Storage Service
- Object based storage
- data is stored in buckets; each bucket has a unique name
- each bucket can be reached using the link: https://s3-eu-west-1.amazonaws.com/[bucketname] or: https://[bucketname].s3.amazonaws.com
- each object is built from: key (name), value (data), ID (important for versioning), metadata (e.g. date of uploading) and subresources
- subresources contain: ACLs and torrent (it supports the BitTorrent protocol)
- each object (flat file) is limited to 5TB
- Storage space is unlimited
- read after write consistency for PUTS of new objects (objects are accessible immediately after uploading)
- Eventual consistency for overwrite PUTS and DELETES (after modifying or deleting a file the changes can take some time to propagate)
- Storage Tiers
  - S3: availability = 99,99%, durability = 99,999999999%; data survives even if 2 concurrent facilities will be down
  - S3 IA (Infrequently Accessed): availability = 99,9%, durability = 99,999999999%; lower fee than S3; minimum object size is 128KB, which means that smaller objects will be charged as 128KB
  - Reduced Redundancy Storage: availability = 99,99%, durability = 99,99%; cheaper than S3
  - Glacier: cheap but takes 3-5 hours to retrieve data
- Versioning - once you enable it you cannot disable it (you can only suspend it)
  - It may be used as a backup tool - once you delete the object, you can still restore it by deleting the "delete marker"
  - Careful with big files, because all versions are stored, which can take a lot of your storage space
- Lifecycle management - allows you to set up rules to move/expire objects to Glacier or IA storage after some period (or some old versions of those objects)
  - actions on current versions
  - actions on previous versions
  - when an object expires it means the delete marker is removed (however you're still able to restore the object)
- Cross-Region Replication
  - replicates only NEW objects
  - versioning has to be enabled on both source and destination buckets
  - you cannot replicate to multiple buckets
  - objects are replicated with their permissions
  - When you restore a previous version (delete the latest version) in your source bucket then it is NOT replicated (in the destination bucket it is still the Latest version!)
  - If you delete an object then the "delete marker" is replicated, however if you delete the "delete marker" in your source bucket (restore the object) then the "delete marker" is not replicated (in your destination bucket the object is still deleted)
- encryption
  - In-transit - SSL/TLS
  - at rest
    - Server Side Encryption
      - S3 managed keys = SSE-S3
      - AWS KMS - Key Management Service: uses another key to encrypt your encryption key; logs information on who is encrypting/decrypting what
      - Server side encryption with customer provided keys - SSE-C
    - Client side encryption
- Transfer Acceleration: to speed up uploads you may use the Transfer Acceleration service; it uses the CloudFront Edge Network; to upload you're using a dedicated URL, e.g. rzepsky.s3-accelerate.amazonaws.com
- CLI
  - you can copy a whole folder either using 'cp --recursive' or 'sync'. Sync copies ONLY new files. If you want to also include removing files from the destination then use 'sync --delete'
  - for some regions the '--region' parameter has to be explicitly specified and for some not. It is better to always use this parameter so it will always work

Glacier
- Archive from S3 - you cannot get the objects immediately
- You will pay for storing objects for at least 90 days
- not accessible from the Singapore and South America regions

EFS = Elastic File System
- it's a block based storage
- It can be shared between many VMs
- it supports NFSv4
- It elastically grows (can scale up to petabytes) and shrinks when you add/remove files
- you pay only for the storage you use
- To mount it simply run the proper command on each instance.
- EC2 instances have to be in the same security groups as the elastic file system

Storage Gateway
- A virtual machine installed in your data center, which connects S3 with your data center
- 4 types of Storage Gateway
  1) Gateway Virtual Tape Library (VTL): allows you to store your tape data on virtual cartridges
  2) File Gateway (NFS): nothing is stored locally
  3) Stored Volumes: you're doing a full copy locally and then it is asynchronously backed up (do an EBS snapshot and store it in S3)
  4) Cached Volumes: the entire data set is stored in S3 and the most frequently accessed data is cached locally
- Volumes Gateway (iSCSI) - block based storage (it's like a virtual hard drive - you can install applications on it). Data is stored on volumes as Amazon EBS snapshots (limited in size 1 GB-16 TB).

Migration

Snowball
- You're sending disks to Amazon and they deploy it to S3 or something similar (or the reverse - they will write something to the disk)
- before Snowball there was an import/export service where users were sending their own disks, but it was hard to manage for AWS
- you have to download the manifest file and provide the access code from your AWS console to run the Snowball
- 80 TB disk space
- Snowball Edge
  - Looks the same as a normal Snowball
  - 100 TB disk space
  - gives you also the compute capabilities. For example, the airplane engineer takes the Snowball Edge's box on board and it's mounted as a disk. During the flight data about the engines is collected and then sent to the Amazon data centre. As a result you have in your cloud not only the data, but also the Lambda function.
- Snowmobile: up to 100 PB

SMS = Server Migration Service
- replicates production VMs to AWS

DMS = Database Migration Service
- migrate your production DB without any downtime
- e.g. Oracle licensing is very expensive so you can convert your Oracle DB to free MySQL

Compute

EC2 = Elastic Compute Cloud
- a virtual machine in the cloud
- AMI = Amazon Machine Image
- EC2 Instance Types
- Configuring: for each availability zone there is a separate subnet (1 subnet = 1 availability zone).
- remember about the tagging - thanks to tags you're able to track the particular services which generate the costs.
- Metadata: accessible under the address: http://169.254.169.254/latest/meta-data/
- EC2 price options
  - on Demand: pay a fixed rate by hour (or by seconds for Linux)
  - Reserved: capacity reservation. Requires signing a contract for 1-3 years; it is possible to transfer a reserved instance from one AZ to another
  - Spot: you need to set a bid price (a maximum price that you can spend for an hour/second of using EC2). If there is high demand for EC2 (a lot of people are buying it at the moment) then the price goes up. If this dynamic price is above your bid your instances will be stopped or terminated. If you terminate the instance then you're going to pay for this hour. If AWS terminates your instance then it is for free
  - Dedicated hosts: It may be helpful if the licensing agreement requires it (e.g. an Oracle DB) or for the government; can be bought as on Demand or as Reserved
- EBS - virtual storage disk which you attach to your EC2 instance. It is block storage so it allows you to install components on it (just like on your PC's HDD)
  - by default the EC2 and its disks are deleted when terminated (but you can change this behaviour)
  - You cannot mount 1 EBS to 2 EC2s. Use EFS instead
  - EBS types
    - Only SSD and Magnetic disks can be bootable. The HDD ones CANNOT be root disks (but can be mounted additionally)
    - GP2 - General Purpose SSD. Balanced price and performance. 3 IOPS per GB up to 10000 IOPS
    - IO1 - Provisioned IOPS SSD: more than 10000 IOPS; to maximize IOPS performance the best strategy is to add multiple additional volumes with provisioned IOPS and then create a RAID0 stripe across those volumes
    - ST1 - Throughput Optimized HDD: for large amounts of sequential data (data warehouse/log processing/Big Data)
    - SC1 - Cold HDD: Lowest cost storage for infrequently accessed workloads (e.g. as a file server)
    - Magnetic standard: Lowest price per GB
  - RAID = Redundant Array of Independent Disks
    - from multiple EBS volumes you can create a RAID (the EBSes can be of different types), e.g. from 4 different volumes create one striped partition D://
    - RAID 0 - striped, no redundancy
    - RAID 1 - Mirrored
    - RAID 5 - at least 3 disks, good for reads and bad for writes; not recommended by AWS
    - RAID 10 - combination of RAID 0 and 1; good performance and redundancy
    - Taking a snapshot of RAID: normally taking a snapshot excludes application and OS cached data, however in RAID it can be a problem due to interdependencies of the array. To take a snapshot of a RAID array you have to stop the app from writing and flush all caches to the disk. You can do this using one of the following methods: freeze the filesystem, unmount the RAID array, shut down the associated EC2 instance
  - Snapshots
    - Snapshots of encrypted volumes are encrypted automatically
    - You can share snapshots only when they are NOT encrypted
    - You cannot remove a snapshot of an EBS volume which is used as a root device for an AMI - you have to firstly deregister the AMI and then you can remove the root device snapshot
    - Create the encrypted snapshot: 1) Stop an instance and create a snapshot; 2) Copy the snapshot to a different region and enable encryption; 3) Create an image (AMI) from this snapshot
- AMI - Amazon Machine Image
  - 2 types
    - Amazon EBS - the root device for an instance launched from the AMI is an Amazon EBS volume created from an Amazon EBS snapshot (they are faster and use persistent storage)
    - Instance store - the root device for an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3 (slower and uses ephemeral storage)
  - The Storage for the Root Device (Root Device Volume) can use either EBS (most common) or instance store (you CANNOT stop it - only reboot or terminate)
  - Terminating deletes EBS or instance store volumes, HOWEVER with EBS volumes you can tell AWS to keep the root device volume
  - Rebooting an EBS or instance store backed AMI will NOT lose your data
  - 2 types of virtualization: PV - Para Virtualization; HVM - Hardware Virtual Machine
- Load Balancers
  - Require configuring health checks - the LB passes traffic only to instances which pass the health check
  - Classic Load Balancer (works in layer 4): previous generation - forget about it
  - Application load balancer (works in layer 7): successor of the previous classic load balancer
  - Network Load Balancer: rare choice, only if you need a static IP and ultra high performance
- Auto-scaling
  - 3 ways to implement elasticity
    - Proactive Cyclic Scaling - periodic scaling after a fixed time interval (e.g. daily)
    - Proactive Event-based Scaling - scale when an event occurs (release of your product)
  - Launch Configuration
    - in the auto scaling group you define the number of instances and the subnets (each subnet is a separate availability zone) - the more subnets, the more redundancy you have.
    - In advanced settings you can specify the load balancer which does a health check
    - Grace period is the length of time before Auto Scaling does a health check
    - allows you to specify increase and decrease group sizes - e.g. when the CPU > 90% add an instance and when CPU < 40% remove one instance
    - Auto Scaling automatically re-provisions instances, e.g. when you terminate one of your instances it will be automatically (after a while) brought back
    - removing the Auto Scaling Group also removes the instances specified in the Launch Configuration
- EC2 Placement Group
  - It's a logical grouping of instances within a single Availability Zone. It is recommended for applications that need very low latency and very high network throughput (10Gb/s), e.g. clusters.
  - A Placement Group cannot span across multiple Availability Zones.
  - only certain instances can be launched in a Placement Group.
  - You cannot move an existing instance into a Placement Group. However you can create an AMI from the existing instance and then launch a new instance from the AMI into a Placement Group
  - You cannot merge Placement Groups
  - The name of a Placement Group must be unique

Lightsail

Elastic Beanstalk
- you're uploading code and Beanstalk automatically creates an environment for it

Lambda
- it's a compute service. You upload code and Lambda takes care of provisioning and managing the servers to run your code.
- it's actually 'serverless'
- The code is run when an event is triggered
- the event can be for example a new file in S3 or an HTTP request (sent to API Gateway, which then triggers the Lambda function)
- each request deploys a new Lambda function
- You have to grant permissions to the role assigned to your function, e.g. Simple Microservice permissions (without permissions it will not work)

ECR = EC2 Container Registry
- it's a managed AWS Docker registry service. It supports private Docker repositories

ECS = Elastic Container Service
- Manages Docker containers on a cluster of EC2 instances
- Docker containers are run based on JSON Task definitions
- can be used to deploy sophisticated applications on a microservices model

Security & Identity

IAM = Identity Access Management
- you can manage users by consolidating them into groups or individually assign policies.

STS = Security Token Service
- Using STS you can log in to AWS with your AD account/OpenID providers without IAM credentials.
- terms
  - Federation - combining a list of users in 1 domain (e.g. IAM users) with a list of users from a 2nd domain (e.g. AD)
  - Identity Broker - a service to take an identity from point A and join it (federate it) to point B
  - Identity store - a service like AD
  - Identities - users of a service, like an AD account

Inspector
- You're installing the Inspector agent on your virtual machine and it reports audit results to you

Directory service

Certificate manager
- free SSL certificates for your domains

Artifacts
- This is where you get your documentation (e.g. ISO compliance certificate) in the AWS console

Management tools

Cloud watch
- monitor your AWS environment
- Cloud watch is for monitoring (performance), while CloudTrail is for auditing (what people are doing on your resources)
- Standard monitoring = 5 minutes
- Detailed monitoring = 1 minute
- Default EC2 metrics: CPU related, Disk related, Network related, status related
- Logs - require installing the Agent
- CloudWatch Events, e.g. a rule to update DNS when an event is triggered

Cloud trail
- Auditing your AWS activity. If something is changed (e.g. a new service added/removed) Cloud Trail is responsible for logging this information. Can be stored in an S3 bucket
- Cloud Trail works per AWS account and is enabled per region. However you can consolidate logs using an S3 bucket (it requires a cross account access policy and enabling CloudTrail on each account)

Config
- Monitors your configuration and warns you if a specific configuration that you set can break your environment

Cloud formation
- Turns your infrastructure into code. In a normal architecture you have switches, firewalls, services and so on, and in the cloud you have a document describing all those components. Cloud Formation is responsible for it. You can deploy a whole production environment using Cloud Formation templates.

Trusted Advisor
- Gives you recommendations, e.g. how to do cost optimization, performance optimization or security fixes in your environment.

Service catalog
- You can specify which services are authorised among your enterprise and which aren't

AWS Organizations - account management service
- Configuration which allows you to consolidate multiple AWS accounts (by default up to 20; for more you have to contact Amazon) into an organization
- allows you to get discounts (you use 600 GB instead of 2 accounts per 300 GB), better management
- available in 2 feature sets: Enable only Consolidated Billing; Enable All Features

OpsWork
- Orchestration Service that uses Chef

Resource groups - allows you to group resources using the tags assigned to them

Application Services

API Gateway
- Doors to your backend. E.g. you're sending a request over the API to the Lambda service and get a response.
- API caching (caching the response for a specified time-to-live (TTL))
- If you face problems with origin policy -> enable CORS (Cross-Origin Resource Sharing) on API Gateway

Elastic Transcoder
- converts video to any format

SWF = Simple WorkFlow Service
- Coordinates work across an application's components. Allows you to automate actions in your environment.
- Domain in SWF is a collection of related workflows
- SWF Actors
  - Workflow starters - an app that can start a workflow
  - Deciders - control the flow (if the task is finished or fails they decide what to do next)
  - Activity workers - carry out the activity tasks
- Differences between SWF and SQS
  - Retention: SQS has a retention of 14 days and SWF up to 1 year
  - Orientation: SQS has a message-oriented API while SWF has a task-oriented API (e.g. tasks involving humans)
  - Duplicates: SWF ensures that a task is NEVER duplicated, while duplicates in SQS are possible
  - tracking: SWF tracks all tasks and events in the application, while in SQS you have to implement your own application-level tracking

Step Function

Developer tools
- CodeCommit: GitHub in AWS
- Code Build: for compiling your code
- Code Deploy: for deploying your code into EC2 instances
- Code Pipeline: for tracking versions of your code

Analytics

Athena
- Allows for SQL queries to S3

EMR = Elastic MapReduce
- Used for analysing big data
- Allows you root access
- You can shorten the time for processing an EMR job by reducing the input split size in the MapReduce job configuration and then adjusting the number of simultaneous mapper tasks so that more tasks can be processed at once

Cloud Search

Elastic search

Kinesis
- streaming data - data sent continuously from many data sources (e.g. geospatial data like in the Uber app, or gaming)
- Kinesis Services
  - Kinesis Streams: Producers put data in Shards, then they are taken by consumers; Data is stored in Shards; Retention: data is stored from 24 hours (default) to 7 days
  - Kinesis Firehose: data is not stored but automatically processed (there are no consumers), e.g. by Lambda
  - Kinesis Analytics: analyzing big data in real time

Data Pipeline
- Move data from one place to another

Quick Sight
- for business analytics, for visualizing analysis results

Artificial Intelligence
- Rekognition: As an input you give it a picture and it can recognize objects
- Polly: converts notes to mp3
- Machine learning: give it data sets and then it can be used in future, e.g. for people profiling.

Mobile Services

Mobile Hub
- Allows you to design mobile features, e.g. data storage, way of authentication. It has its own mobile console

Cognito
- Simplify sign in and sign up - allows doing it over 3rd parties (Social Identity Providers), e.g. Google. You have to give Google credentials which are stored in Cognito and then you can log in over Cognito in other services (which allow for it)

Device Farm
- Allows testing your app on hundreds of real devices.

Mobile Analytics
- Analysis of mobile data usage
- it's like Google Analytics for mobile apps. Helps you understand the user's behaviour.

Pinpoint

Business Productivity

Workmail
- It's like Microsoft Exchange in AWS.

WorkDocs
- For storing work documents in a secure way. Similar to S3 with some additional security features.

Desktop and App Streaming

Workspaces
- basically it's a VDI. It's like having a desktop in the cloud.
- requires installing client software on your machine

AppStream 2.0
- Way of streaming desktop applications

Internet of Things

IoT
- keeping track of all your IoT devices

Key words
- "chef", "recipes", "cookbook" -> OpsWork
- streaming large data -> Kinesis
- Business Intelligence -> Redshift
- Big Data processing -> Elastic Map Reduce

Additional exam tips:
- read after write consistency
- There is a soft limit of 20 EC2 instances per region
- An EC2 instance in a public subnet is only publicly accessible if it has a public IP address or is behind an elastic load balancer.