AWS Certified Solutions Architect Associate quiz: doubts and solutions — Part 2

Asset security services

MayBeMan
Apr 12, 2024
  • GuardDuty utilizes machine learning to detect suspicious or unauthorized activities within the AWS account, such as unauthorized login attempts or abnormal behavior of EC2 instances. This provides an additional layer of security to protect against both external and internal threats.
What is Amazon GuardDuty? Definition, Pricing & Comparison (stormit.cloud)
  • Inspector automatically evaluates applications on AWS to identify security vulnerabilities and violations of best practices. This is essential to ensure that applications are protected from potential attacks or exploits.
Automated Security Service — AWS Inspector | Improve the Security and Compliance of your AWS Applications — CloudThat Resources
  • Amazon Macie is instrumental in protecting sensitive data within S3 by using artificial intelligence to identify and safeguard personal or sensitive information. This is particularly important for complying with privacy regulations such as GDPR.
AWS Security Services: How do you choose? (fourtheorem.com)
  • Shield provides critical protection against DDoS attacks, which can be devastating for web applications exposed on AWS. This service offers an additional barrier to ensure that applications remain operational even during large-scale attacks.
  • Security Hub offers a centralized overview of the security status of AWS resources, making it easier to monitor and manage compliance and security violations through a single interface. This is crucial for maintaining full visibility into security status and responding promptly to potential threats.

Storage services for EC2 instances

  • EFS (Elastic File System) is a shared file system that can be mounted on multiple EC2 instances simultaneously. It’s useful when you need to store data accessible from multiple EC2 instances or when data sharing between EC2 instances in a VPC is required. You can use EFS to store shared file systems for web applications, log archives, user data, and other data requiring simultaneous access from multiple EC2 instances. EFS is designed to automatically scale based on your application’s storage and I/O needs. However, EFS performance can be affected by network latency when accessing file systems from EC2 instances in different availability zones or regions.
Amazon EFS: How it works — Amazon Elastic File System
  • EBS (Elastic Block Store) provides persistent block-level storage for EC2 instances. It’s useful when you need to store persistent data associated with a single EC2 instance, such as databases, operating system file systems, or applications requiring persistent data. You attach an EBS volume to a single EC2 instance to store that data. You can choose from various EBS volume types (SSD, HDD, provisioned IOPS) based on performance and budget requirements; EBS performance varies with the selected volume type and the volume size. EBS volumes can be tuned for high I/O performance through IOPS provisioning or by using provisioned IOPS SSD volumes.
  • Instance Store provides local storage associated with an EC2 instance. It’s useful for temporary or ephemeral data that doesn’t require persistence, such as cache data or temporary processing data. The Instance Store comes directly with some EC2 instance types and is generally used for temporary storage. However, it’s important to note that data stored on an Instance Store volume is lost if the instance is terminated or if a hardware issue occurs. Instance Store performance depends on the type and generation of the EC2 instance being used, since the storage is directly tied to the instance itself. Instance Store generally offers high performance because it’s locally attached to the EC2 instance, reducing latency compared to EBS or EFS.
AWS — Difference between EBS and Instance Store | by Ashish Patel | Awesome Cloud | Medium

Content distribution and performance improvement

  • CloudFront is a Content Delivery Network (CDN) service that distributes web and video content with low latency and high speed. It automatically places your content at Points of Presence (PoPs) around the world, reducing latency and improving website performance. It can be used to distribute static, dynamic, streaming media, and API content, speeding up webpage loading times and reducing load on origin servers. It also offers advanced features such as cache management, compression, geolocation-based routing, and security through AWS WAF (Web Application Firewall).
CloudFront pricing — Amazon CloudFront
  • Route 53 is AWS’s Domain Name System (DNS) service that provides domain name resolution for applications on the Internet. It handles traffic routing based on configurable routing rules, allowing you to direct traffic to different destinations based on criteria such as geolocation, resource availability, and system health. It also offers health monitoring and failover features to ensure application reliability. It can be integrated with other AWS services like CloudFront, S3, and Elastic Load Balancer (ELB) to provide a reliable and performant user experience.
What is Amazon Route 53? AWS Route 53: Documentation & Cost (intellipaat.com)
  • Global Accelerator is an AWS service that improves the performance of web applications and APIs by distributing traffic across AWS’s global network. It optimizes traffic paths through AWS’s global network, reducing latency and improving application availability. It uses static IP addresses to ensure reliable and predictable connectivity for applications. It is particularly useful for applications that require low latency and high reliability on a global scale, such as online gaming, media streaming, and financial applications.
AWS — Global Accelerator Overview | by Ashish Patel | Awesome Cloud | Medium
  • Lambda@Edge is a feature of AWS Lambda that allows you to run serverless code at CloudFront edge locations around the world. It enables you to customize and optimize the delivery of content distributed via CloudFront without managing infrastructure. It can be used to add dynamic functionality to content distributed via CloudFront, such as image manipulation, content personalization based on geolocation, and user session management. It offers greater flexibility and scalability for content distribution on CloudFront, allowing you to easily implement custom routing and content management logic.
Edge Computing | CDN, Global serverless code, Distribution | AWS Lambda@Edge (amazon.com)

AWS services that handle request throttling

  • API Gateway offers throttling capabilities to limit the number of requests per second (RPS) or per minute (RPM) coming from a client.
REL05-BP02 Throttle requests — AWS Well-Architected Framework (amazon.com)
  • CloudFront provides throttling features to control both incoming and outgoing traffic, including limiting the number of requests from a single origin.
  • WAF (Web Application Firewall) includes throttling functionalities to limit the number of HTTP/S requests per IP or per origin.
  • For a Kinesis stream, you can configure stream throughput to manage the volume of data that can be processed, such as limits on the number of records or the total size of data that can be ingested into the stream within a specific period.
  • Amazon Kinesis Data Firehose can be configured to accept data from the Kinesis stream and deliver it directly to destinations like Amazon S3, Amazon Redshift, Amazon Elasticsearch, and others. Similarly, you can configure throughput limits for the Firehose stream to manage the volume of data that can be sent to the destinations.
  • Amazon SQS (Simple Queue Service) offers throttling features to manage the volume of messages that can be sent, retrieved, or processed from the queue within a specific period, allowing control over the flow of data through the messaging service.
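A worked illustration of the rate/burst semantics behind API Gateway’s per-second throttling, added here as an example and not taken from the post. API Gateway documents its throttling as a token bucket (rate limit = steady-state refill, burst limit = bucket capacity); the limits and the request timeline below are constructed values.

```python
"""Token-bucket model of API Gateway stage throttling (added example).

The rate limit is the steady-state refill in requests/second, the burst
limit is the bucket capacity. A request that finds the bucket empty is
rejected with HTTP 429. Limits and timestamps are constructed samples.
"""
from dataclasses import dataclass, field


@dataclass
class TokenBucketThrottle:
    rate_limit: float   # tokens added per second (steady-state RPS)
    burst_limit: int    # bucket capacity (max requests admitted in a spike)
    tokens: float = field(init=False)
    last_ts: float = field(init=False)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst_limit)   # bucket starts full
        self.last_ts = 0.0

    def admit(self, ts: float) -> bool:
        """Return True (200) if a request at time ts is admitted, False (429) otherwise."""
        if ts < self.last_ts:
            raise ValueError("timestamps must be non-decreasing")
        elapsed = ts - self.last_ts
        # Refill proportionally to elapsed time, never above the burst capacity.
        self.tokens = min(float(self.burst_limit), self.tokens + elapsed * self.rate_limit)
        self.last_ts = ts
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(rate_limit: float, burst_limit: int, timestamps: list[float]) -> list[int]:
    """Return the HTTP status (200 or 429) each request would receive."""
    throttle = TokenBucketThrottle(rate_limit, burst_limit)
    return [200 if throttle.admit(t) else 429 for t in timestamps]


if __name__ == "__main__":
    # Constructed timeline: 8 requests arrive at once, then a trickle.
    arrivals = [0.0] * 8 + [0.5, 1.0, 1.25, 1.5]
    statuses = simulate(rate_limit=2.0, burst_limit=5, timestamps=arrivals)
    for t, s in zip(arrivals, statuses):
        print(f"t={t:4.2f}s -> {s}")
    print("throttled:", statuses.count(429))
```

The spike shows why burst and rate are separate knobs: the first five requests at t=0 are admitted by the burst capacity, the remaining three are throttled, and afterwards only two requests per second get through.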

AWS tools for migrating data from on-premises to the cloud

  • AWS Database Migration Service (DMS) allows migrating on-premises databases to managed databases on AWS, such as Amazon RDS, Amazon Aurora, and Amazon Redshift. It supports migration from various database sources, including relational and non-relational database servers.
What is AWS Database Migration Service? — AWS Database Migration Service (amazon.com)
  • AWS Server Migration Service (SMS) simplifies the migration of on-premises workloads to AWS by automating the replication of storage volumes and creating Amazon Machine Images (AMI) of on-premises servers for migration to Amazon EC2.
AWS Server Migration Service — Server Migration to the Cloud Made Easy | AWS Partner Network (APN) Blog (amazon.com)
  • AWS Snowball is used to physically transfer large amounts of data from on-premises to AWS when network bandwidth is limited. It’s a secure physical device that can be shipped to transfer large data volumes.
  • AWS Snowmobile is used to transfer truly massive amounts of data. It’s a mobile data transfer container that can transfer up to many petabytes of data in a single operation.
  • AWS DataSync simplifies and speeds up the transfer of large amounts of data from on-premises to AWS, using a combination of optimized network protocols and encryption to ensure fast and secure transfers.
How AWS DataSync transfers work — AWS DataSync (amazon.com)
  • Storage Gateway simulates a local file system within on-premises infrastructure, allowing applications to access data in S3 using NFS (Network File System) or SMB (Server Message Block) protocols. It is useful for extending on-premises storage into the cloud for backup, file storage, or processing large volumes of data.
AWS Storage Gateway | Amazon Web Services

DataSync vs Storage Gateway

Purpose

  • AWS DataSync is a service designed to simplify and accelerate data transfer between on-premises storage systems and AWS storage services, such as Amazon S3 and Amazon EFS.
  • Storage Gateway is a service that provides on-premises applications with seamless access to data stored in Amazon S3 using standard file protocols such as NFS and SMB.

Transfer protocol

  • DataSync uses a combination of optimized network protocols and data compression to achieve fast and efficient data transfers.
  • Storage Gateway enables on-premises applications to read and write files directly to S3 buckets as if they were accessing a local file system.

Use cases

  • DataSync is suitable for scenarios where you need to move large amounts of data on a regular basis, such as data migration, data replication, or data backup.
  • Storage Gateway is for scenarios where you need to extend on-premises file storage into the cloud for purposes like backup, file sharing, or data archiving.

Operation

  • DataSync automates the process of scheduling and orchestrating data transfers, and it provides features like data integrity validation and bandwidth throttling.
  • Storage Gateway runs as a virtual machine or hardware appliance on-premises and acts as a bridge between on-premises applications and S3 storage. It caches frequently accessed data locally to improve performance.

Management

  • DataSync is a fully managed service, meaning AWS takes care of infrastructure provisioning, monitoring, and maintenance.
  • Storage Gateway requires setup and configuration on-premises, and you’re responsible for managing the gateway appliance, including updates and maintenance.

MayBeMan

Technician specialized in the security of electronic payment systems. Crypto supporter.