Notes post simulations - knowledge juice

EC2/Auto scaling

You can put an instance that is in the InService state into the Standby state, update some software or troubleshoot the instance, and then return the instance to service. Instances that are on standby are still part of the Auto Scaling group, but they do not actively handle application traffic.
Single tenant hardware ⇒ Dedicated instances
You are limited to running On-Demand Instances per your vCPU-based On-Demand Instance limit, purchasing 20 Reserved Instances, and requesting Spot Instances per your dynamic Spot limit per region.
When the instance state is stopping, you will not be billed if it is preparing to stop; however, you will still be billed if it is preparing to hibernate.
A recovered instance (from an AWS failure) is identical to the original instance, including the instance ID, private IP addresses, Elastic IP addresses, and all instance metadata. If the impaired instance is in a placement group, the recovered instance runs in the placement group.
Amazon EC2 Auto Scaling creates a new scaling activity for terminating the unhealthy instance and then terminates it. Later, another scaling activity launches a new instance to replace the terminated instance.
You cannot enable hibernation on an existing instance. You can only migrate the application to a new EC2 instance launched with hibernation enabled.

Storage

EBS RAID 1 is used when fault tolerance is more important than I/O performance. In that case, you need two EBS volumes.
EBS volumes support live configuration changes while in production which means that you can modify the volume type, volume size, and IOPS capacity without service interruptions.
 
Storage Gateway allows you to back up data directly to S3 Glacier Deep Archive.
To copy data from a source bucket to a destination bucket you can use the aws s3 sync command.
To route traffic using Route 53 to a website hosted in S3, you need a registered domain name, and the S3 bucket name must be the same as the domain name. - totally nonsense to me.
 
In EFS, POSIX permissions allow you to restrict access from hosts by user and group. EFS security groups act as a firewall, and the rules you add define the traffic flow.
EFS lifecycle policy ⇒ max 90 days
 

DB

IAM database authentication works with MySQL and PostgreSQL. With MySQL, authentication is handled by AWSAuthenticationPlugin—an AWS-provided plugin that works seamlessly with IAM to authenticate your IAM users.
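What the IAM database authentication flow looks like on the client side, as an added example that is not part of the original notes: the "password" is a short-lived SigV4 presigned token for the rds-db service, built here by hand so the structure is visible (boto3's rds.generate_db_auth_token() does the same thing). The endpoint, user, region and credentials below are constructed placeholders.

```python
# Added example (not from the original notes): build an RDS IAM database
# authentication token by hand, the same SigV4 query-string presign that
# boto3's rds.generate_db_auth_token() performs for service "rds-db".
# Host, user, region and the credentials used below are constructed placeholders.
import datetime as dt
import hashlib
import hmac
from urllib.parse import quote

# SigV4 hash of an empty request body (the presigned GET carries no payload).
EMPTY_PAYLOAD_SHA256 = hashlib.sha256(b"").hexdigest()
TOKEN_LIFETIME_SECONDS = 900  # RDS auth tokens are valid for 15 minutes


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _signing_key(secret_key: str, date: str, region: str) -> bytes:
    """Derive the SigV4 signing key: secret -> date -> region -> service -> aws4_request."""
    k_date = _hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, "rds-db")
    return _hmac_sha256(k_service, "aws4_request")


def _uri_encode(value: str) -> str:
    # AWS canonical encoding: everything except unreserved characters is escaped.
    return quote(value, safe="-_.~")


def generate_db_auth_token(host, port, db_user, region, access_key_id, secret_key,
                           session_token=None, now=None):
    """Return the token that is used as the database password.

    It is a presigned URL with the 'https://' scheme stripped, so it starts
    with 'host:port/?Action=connect&DBUser=...'.
    """
    now = now or dt.datetime.now(dt.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = now.strftime("%Y%m%d")
    scope = f"{date}/{region}/rds-db/aws4_request"
    params = {
        "Action": "connect",
        "DBUser": db_user,
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key_id}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(TOKEN_LIFETIME_SECONDS),
        "X-Amz-SignedHeaders": "host",
    }
    if session_token:  # temporary credentials (e.g. an assumed role) must carry the session token
        params["X-Amz-Security-Token"] = session_token

    # Canonical query string: keys sorted, key and value URI-encoded.
    canonical_query = "&".join(
        f"{_uri_encode(k)}={_uri_encode(v)}" for k, v in sorted(params.items())
    )
    host_header = f"{host}:{port}"
    canonical_request = "\n".join([
        "GET",
        "/",
        canonical_query,
        f"host:{host_header}\n",  # canonical headers block ends with a newline
        "host",                   # signed headers
        EMPTY_PAYLOAD_SHA256,
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256",
        amz_date,
        scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    signature = hmac.new(
        _signing_key(secret_key, date, region),
        string_to_sign.encode("utf-8"),
        hashlib.sha256,
    ).hexdigest()
    return f"{host_header}/?{canonical_query}&X-Amz-Signature={signature}"


def token_params(token: str) -> dict:
    """Split a token back into its query parameters (handy when inspecting one in a log)."""
    query = token.split("/?", 1)[1]
    return dict(part.split("=", 1) for part in query.split("&"))


if __name__ == "__main__":
    token = generate_db_auth_token(
        host="mydb.cluster-placeholder.eu-west-1.rds.amazonaws.com",  # placeholder endpoint
        port=3306,
        db_user="app_user",
        region="eu-west-1",
        access_key_id="AKIAEXAMPLEPLACEHOLDER",  # constructed, not a real key
        secret_key="secret-placeholder",
    )
    print(token)  # pass this string as the password, over TLS only
```

The token is passed as the password to the normal MySQL or PostgreSQL client; it carries no database secret, only a signature over the host, port, user and time window, which is why it expires after 15 minutes and why RDS requires the connection to use TLS when IAM authentication is used.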
A database engine level upgrade for RDS will trigger both the primary and the standby DB to be upgraded at the same time. This causes downtime until the upgrade is complete. This is not the case for operations such as OS patching or DB instance scaling in a Multi-AZ environment.
Creating your read replica as a Multi-AZ DB instance is independent of whether the source database is a Multi-AZ DB instance.
You can invoke an AWS Lambda function from an Amazon Aurora MySQL-Compatible Edition DB cluster with a native function or a stored procedure. This approach can be useful when you want to integrate your database running on Aurora MySQL with other AWS services.
You cannot change an Aurora instance class directly to Serverless. You have to use DMS to migrate to a new Serverless DB.
When restoring an RDS database to a specific point in time, the default DB security group is applied to the new DB instance.
 
If you have an Amazon Aurora Replica in the same or a different Availability Zone, when failing over, Amazon Aurora flips the canonical name record (CNAME) for your DB Instance to point at the healthy replica, which in turn is promoted to become the new primary. Start-to-finish failover typically completes within 30 seconds.
If you are running Aurora Serverless and the DB instance or AZ becomes unavailable, Aurora will automatically recreate the DB instance in a different AZ.
If you do not have an Amazon Aurora Replica (i.e., single instance) and are not running Aurora Serverless, Aurora will attempt to create a new DB Instance in the same Availability Zone as the original instance. This replacement of the original instance is done on a best-effort basis and may not succeed, for example, if there is an issue that is broadly affecting the Availability Zone.
 

Other

 
Disabling GuardDuty will delete all the data.
 
Enable DNS hostnames and DNS resolution for private hosted zones to perform DNS queries inside a VPC.
To make a Direct Connect connection more resilient, you can implement a VPN connection and use the same BGP prefix. In this way, the Direct Connect link will always be preferred unless it is unavailable.
 
Kinesis Agent cannot write to a Kinesis Data Firehose delivery stream whose source is already set to Kinesis Data Streams.
 
Amazon EventBridge is recommended when you want to build an application that reacts to events from SaaS applications and/or AWS services. SNS can also be used for event-based services, but it lacks integrations with other tools.
 
The IAM service supports only one type of resource-based policy called a role trust policy, which is attached to an IAM role.
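Because the trust policy is the only resource-based policy IAM has, it is where cross-account access is granted or, when written loosely, where the whole account is exposed. As an added example that is not part of the original notes, this builds a trust policy the way a security engineer would want it (a specific account as principal plus an sts:ExternalId condition) and runs a small, simplified check that flags a wildcard principal without conditions and a cross-account trust without an ExternalId. Account IDs and the ExternalId value are constructed placeholders.

```python
# Added example (not from the original notes): build an IAM role trust policy,
# the one resource-based policy IAM itself supports, and run a simplified check
# for the two most common mistakes in one. All IDs here are constructed placeholders.
from typing import List, Optional


def role_trust_policy(trusted_account_id: str, external_id: Optional[str] = None) -> dict:
    """Trust policy letting principals in another account assume this role.

    The ExternalId condition is the usual guard against the confused-deputy
    problem when the trusted account belongs to a third party.
    """
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
        "Action": "sts:AssumeRole",
    }
    if external_id:
        statement["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def _principals(statement: dict) -> List[str]:
    """Flatten the Principal element ('*' or {"AWS": "..." / [...]}) into a list."""
    principal = statement.get("Principal")
    if principal == "*":
        return ["*"]
    found: List[str] = []
    for value in (principal or {}).values():
        found.extend(value if isinstance(value, list) else [value])
    return found


def _account_of(principal: str) -> Optional[str]:
    # arn:aws:iam::123456789012:root -> "123456789012"; service principals give None
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[2] == "iam" else None


def _has_external_id(statement: dict) -> bool:
    condition = statement.get("Condition") or {}
    return any("sts:ExternalId" in keys for keys in condition.values())


def trust_policy_findings(policy: dict, own_account_id: str) -> List[str]:
    """Return human-readable findings for an over-permissive trust policy."""
    findings = []
    for statement in policy.get("Statement", []):
        if statement.get("Effect") != "Allow":
            continue
        has_condition = bool(statement.get("Condition"))
        for principal in _principals(statement):
            if principal == "*":
                if not has_condition:
                    findings.append("Principal '*' with no Condition: any AWS account can assume the role")
                continue
            account = _account_of(principal)
            if account and account != own_account_id and not _has_external_id(statement):
                findings.append(
                    f"cross-account trust of {account} without sts:ExternalId (confused-deputy risk)"
                )
    return findings


if __name__ == "__main__":
    import json
    good = role_trust_policy("111122223333", external_id="ext-id-placeholder")
    print(json.dumps(good, indent=2))
    print(trust_policy_findings(good, own_account_id="999988887777"))  # []
```

The check is deliberately narrow: a cross-account trust guarded by something other than an ExternalId (an aws:PrincipalOrgID condition inside one organization, for instance) would still be reported, so treat its output as a review prompt rather than a verdict.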
 
In the pilot light DR strategy, data is live but services are idle.
 
With CloudFront Functions, you can write lightweight functions in JavaScript for high-scale, latency-sensitive CDN customizations.
 
AWS Private 5G is a managed service that makes it easy to deploy, operate, and scale your own private cellular network, with all required hardware and software provided by AWS.
 
Use direct updates when you want to quickly deploy your updates. With change sets, you can preview the changes AWS CloudFormation will make to your stack, and then decide whether to apply those changes.
 
ALB supports gRPC as a protocol.
 
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements.
 
Active-Active Failover
Use this failover configuration when you want all of your resources to be available the majority of the time. When a resource becomes unavailable, Route 53 can detect that it's unhealthy and stop including it when responding to queries.
 
To add permissions to an ECS task, use the taskRoleArn.
 
API Gateway caching can only be enabled for a stage, not for a method.