Posts

Showing posts from November, 2023

Caching and protecting against attacks

Types of attacks:
- Synchronize/Acknowledge (SYN) floods: In a SYN flood attack, a malicious client sends a large number of SYN packets but never sends the final ACK packets to complete the handshakes. The server is left waiting for a response to the half-open TCP connections; the idea is that the target eventually runs out of capacity to accept new TCP connections, which prevents new users from connecting to the server. However, the actual impact is more nuanced.
- UDP floods: https://docs.aws.amazon.com/whitepapers/latest/aws-best-practices-ddos-resiliency/udp-reflection-attacks.html
- Reflection attacks
- HTTP flood attacks
- Distributed Denial of Service attack: flooding your website with network traffic from multiple sources (distributed groups of computers, IoT devices, etc.) https://aws.amazon.com/blogs/security/how-to-protect-dynamic-web-applications-against-ddos-attacks-by-using-amazon-cloudfront-and-amazon-route-53/

Protection: In AWS, DDoS mitigation capabilities are automatically provide...

Types of EC2 instances

General purpose (A, T, M)
- Web or application server
- Enterprise application
- Gaming server
- Caching fleets
- Analytics applications
- Dev or test environment
Compute optimized
- Batch processing
- Image processing, data conversion, processing large amounts of information (logs etc.)
Memory optimized
Accelerated computing
Data optimized

AMI (Amazon Machine Image)

Basics of AMI
- contains the OS and other installed software
- can contain additional storage volumes to attach to the instance
- exists in one region only
- contains launch permissions (who can access the AMI)
Categories of AMI
- Windows vs Linux
- EBS-backed or instance store backed
- 32-bit or 64-bit
- x86 or ARM instruction set
- PV or HVM virtualization
Sources of AMI
- Quick Start: created by AWS
- My AMI: created by you
- AWS Marketplace: by 3rd parties, from vendors for specific use cases
- Community: by others, not verified, use at your own risk
Benefits of EBS-backed
- larger storage (16 TiB as opposed to 10 GiB)
- can be stopped and restarted
- can be converted into instance store backed if needed
- boots quicker

Connecting networks

AWS Site-to-Site VPN
- connects an on-premise network with a VPC using a shared, public network
- easy to set up, faster to install
- charged per hour: 0.05 cents per connection hour, 0.09$ per GB of DTO
- encrypted connection via IPsec; two encrypted tunnels per connection
- on-premise side: customer gateway; AWS side: virtual private gateway
- for high availability, you can have multiple customer gateways, each advertising the same prefix
- AWS CloudHub: multiple customer gateways connected to a single virtual private gateway
- the second tunnel can be used for redundancy
- Routing:
  - Static: when the customer gateway does not have BGP
  - Dynamic: when the customer gateway has BGP (recommended)
AWS Direct Connect (Dx)
- 50 Mbps to 100 Gbps dedicated private network
- uses the 802.1q standard
- better for transferring large data sets, and also for security and compliance
- one side of the connection is connected to the Dx router located at the DC site, the other to your router, using fiber-optic cable D...

Well Architected Framework

Operational Excellence
- Ability to run and monitor systems
- Continuously improve supporting processes and procedures
- How code will be deployed, updated, operated
- Logging, reduce defects, perform quick, safe fixes
- Manage and automate changes
- Respond to events
- Successfully manage daily operations
Best practice areas: Prepare -> Operate -> Evolve
Perform operations as code
- Define your entire workload (applications and infrastructure) as code
- Update it with code
- Implement operational procedures as code
- Limit human error
- Enable consistent responses to events
Annotations are input to your operations as code
- Automate documentation
- Create annotated documentation after every build
Make frequent small changes
- Enable components to be updated regularly
- Refine operation procedures frequently
- Identify opportunities to improve
Anticipate failure
- Identify potential sources of failure so they can be mitigated
- Learn from all operational events and failures
- Share across teams and the organizatio...