[AWS Solution Architect] Additional Info

CloudWatch alarm

• automated recovery of EC2 instance
• automatically stop / terminate / reboot / recover your EC2 instances.

  • stop or terminate actions

    help you save money when you need longer an instance to be running.

  • reboot and recover actions

    automatically reboot those instance or recover them onto new hardware if a system impairment occurs like hardware failure.

CloudWatch VS CloudWatch Agent

• CloudWatch

  tracks CPU, Network, Disk usage

• CloudWatch Agent

  tracks Memory, disk swap, disk space utilization

CloudTrail

• monitor API calls and actions
• governance, compliance, operational auditing, risk auditing logs calls between AWS services.
• turn on by default when you create your account
• but If you need more than 90 days, you need to create additional trail.
• CloudTrail can be set to deliver events to a CloudWatch log
• Trails are output to S3
  • don’t have GUI like event history
• To analyze a Trail, need Athena
• Management Events VS Data Events
  • Management Events
    • turned on by default
    • Tracks management operations ex) AttachRolePolicy
  • Data Events
    • turned off by defual
    • Tracks specific operations for specific AWS services ex) GetObject, PutObject, DeleteObject..

Elastic Beanstalk

• an easy-to-use service for deploying and scaling web applications and services
  • developed with Java, . NET, PHP, Node. js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.
• Auto Scaling
• monitoring application
• free. pay only for AWS resources

RDS

• support also Oracle (DynamoDB does not support Oracle)
• always comfirms to the ACID system (Atomicity, Consistency, Isolation, and Durability)

Aurora

• not serverless

FSx for Windows File Server

• using Active Directory
• files need to be shared internally
  • have access to files via Microsoft Windows platform
• Keep the expense to a minimum : cost = 0

• Request Pays on a S3 bucket

  making data available for third parties (the broader community)

VPC endpoint

• within the same region

Lambda resource policy

Kinesis Data Stream

• real-time

• EBS is not a target of Firehose (S3 is)
• Kinesis Data Stream + Firehose + S3
• Lambda is not efficient for huge real-time data

DynamoDB

• a fully managed, multi-Region, multi-active DB that delivers reliable performance at any scale
• scalable, available,

DynamaDB Streams

• provide audit logging and monitoring using CloudTrail (Database auditing)

Redshift

• not DB

• refactoring & replatforming

  • not minimize modifications

Security groups VS Network ACL

• security group
  • stateful : only inbound rule is okay
  • for instance
  • can’t deny (all is denid by default)
• Network ACL
  • stateless : need both inbound and outbound rule
  • for VPC subnet
  • can deny