Management & Governance Flashcards

Utilize AWS governance and monitoring tools such as AWS CloudTrail, Config, and Organizations. (17 cards)

1
Q

Which of the following can an AWS customer use to launch a new ElastiCache cluster?

(Select TWO.)

  1. AWS CloudFormation
  2. AWS Concierge
  3. AWS Systems Manager
  4. AWS Management Console
  5. AWS Data Pipeline
A

1. AWS CloudFormation
4. AWS Management Console

There are several ways to launch resources in AWS. You can use the AWS Management Console or Command Line Interface (CLI) or you can automate the process by using tools such as AWS CloudFormation.

With AWS CloudFormation you can deploy infrastructure such as Amazon ElastiCache clusters by defining your desired configuration state in code using a template file written in JSON or YAML. CloudFormation will then deploy the resources by creating a Stack according to the template file.

  • AWS Concierge is incorrect. The Concierge Support Team is available for customers who have an Enterprise-level support plan. This team does not launch resources for you.
  • AWS Systems Manager is incorrect. Systems Manager will not launch an ElastiCache cluster for you.
  • AWS Data Pipeline is incorrect. AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services.

Reference:
AWS CloudFormation

2
Q

Which AWS Cloud service provides recommendations on how to optimize performance for AWS services?

  1. Amazon Inspector
  2. AWS Trusted Advisor
  3. Amazon CloudWatch
  4. AWS CloudTrail
A

2. AWS Trusted Advisor

AWS Trusted Advisor can improve the performance of your service by checking your service limits, ensuring you take advantage of provisioned throughput, and monitoring for overutilized instances.

  • Amazon Inspector is incorrect. Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
  • Amazon CloudWatch is incorrect. CloudWatch monitors performance but does not provide recommendations for optimization.
  • AWS CloudTrail is incorrect. CloudTrail is an auditing service.

Reference:
AWS Trusted Advisor

3
Q

A startup is developing a web application where users can find articles based on various criteria such as keywords, authors, or topics. They seek an AWS service that can handle this function efficiently.

Which service should they use?

  1. Amazon OpenSearch Service
  2. Amazon SQS
  3. AWS Lambda
  4. Amazon EC2
A

1. Amazon OpenSearch Service

Amazon OpenSearch Service is designed to set up, manage, and scale search and analytics solutions, providing the necessary functionalities to efficiently find articles based on different criteria.

  • Amazon SQS is incorrect because it is a message queuing service used to decouple the components of a cloud application, not suited for setting up a search functionality for a web application.
  • AWS Lambda is incorrect as it is mainly used to run code in response to events and automatically manage the computing fleet, which does not inherently provide a search functionality for a website’s content.
  • Amazon EC2 is incorrect because, although it is used to host applications and can technically host a web application, it does not specialize in setting up search functionalities within a web application.

Reference:
Amazon OpenSearch Service features

4
Q

Which AWS dashboard displays relevant and timely information to help users manage events in progress, and provides proactive notifications to help plan for scheduled activities?

  1. AWS Health Dashboard
  2. Amazon QuickSight Dashboard
  3. Amazon Athena
  4. Amazon CloudWatch dashboard
A

1. AWS Health Dashboard

The AWS Health Dashboard is the single place to learn about the availability and operations of AWS services. You can view the overall status of AWS services, and you can sign in to view personalized communications about your particular AWS account or organization. Your account view provides deeper visibility into resource issues, upcoming changes, and important notifications.

  • AWS Service Health Dashboard is incorrect. This shows the current status of services across regions. However, it does not provide proactive notifications of scheduled activities or guidance of any kind.
  • AWS Trusted Advisor dashboard is incorrect. AWS Trusted Advisor is an online tool that provides you with real-time guidance to help you provision your resources following AWS best practices.
  • Amazon CloudWatch dashboard is incorrect as this service is used for monitoring performance related information for your infrastructure and resources, not the underlying AWS resources.

Reference:
AWS Health

5
Q

Which AWS service should a Cloud Practitioner use to automate configuration management using Puppet?

  1. AWS Config
  2. AWS OpsWorks
  3. AWS CloudFormation
  4. AWS Systems Manager
A

2. AWS OpsWorks

AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.

OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.

  • AWS Config is incorrect. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
  • AWS CloudFormation is incorrect. AWS CloudFormation provides a common language for you to model and provision AWS and third party application resources in your cloud environment.
  • AWS Systems Manager is incorrect. AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.

Reference:
AWS OpsWorks

6
Q

Which AWS service or feature can be used to restrict the individual API actions that users and roles in each member account can access?

  1. Amazon Macie
  2. AWS Organizations
  3. AWS Shield
  4. AWS IAM
A

2. AWS Organizations

AWS Organizations offers service control policies (SCPs), which are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions (API actions) for all accounts in your organization. SCPs help you to ensure your accounts stay within your organization’s access control guidelines. SCPs are available only in an organization that has all features enabled.

  • Amazon Macie is incorrect. Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.
  • AWS Shield is incorrect. AWS Shield is a service that protects workloads against distributed denial of service (DDoS) attacks.
  • AWS IAM is incorrect. AWS IAM is used for assigning permissions but SCPs in AWS Organizations are used to control which API actions are allowed in an account. You need to be granted permission in IAM and have the API allowed to be able to use the API successfully.

Reference:
Service control policies (SCPs)

7
Q

Which AWS service can be used to track the activity of users on AWS?

  1. AWS CloudTrail
  2. AWS Directory Service
  3. Amazon Inspector
  4. Amazon CloudWatch
A

1. AWS CloudTrail

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.

Think of CloudTrail as an auditing service (who did what and when), and CloudWatch as a performance monitoring service (how much resource was used).

  • AWS Directory Service is incorrect. This service provides several options for running directory services on AWS and connecting to directory services on-premises.
  • Amazon Inspector is incorrect. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
  • Amazon CloudWatch is incorrect. CloudWatch is used for performance monitoring, not auditing.

Reference:
AWS CloudTrail

8
Q

A company needs to optimize costs and resource usage through monitoring of operational health for all resources running on AWS.

Which AWS service will meet these requirements?

  1. AWS Control Tower
  2. Amazon CloudWatch
  3. AWS CloudTrail
  4. AWS Config
A

2. Amazon CloudWatch

Amazon CloudWatch is a performance monitoring tool that receives metrics from AWS services. This data can be used for monitoring the operational health of resources as well as being used to optimize costs through ensuring systems are right-sized and just enough capacity is provisioned.

  • AWS Control Tower is incorrect. AWS Control Tower is a service that is intended for organizations with multiple accounts and teams who are looking for the easiest way to set up their new multi-account AWS environment and govern at scale.
  • AWS CloudTrail is incorrect. CloudTrail is used for auditing (who did what and when); it is not used for monitoring operational health.
  • AWS Config is incorrect. Config is used for managing compliance for AWS services.

Reference:
Amazon CloudWatch

9
Q

Which AWS tools can be used for automation?

(Select TWO.)

  1. AWS Elastic Beanstalk
  2. Elastic Load Balancing
  3. AWS CloudFormation
  4. Amazon Elastic File System (EFS)
  5. AWS Lambda
A

1. AWS Elastic Beanstalk
3. AWS CloudFormation

AWS Elastic Beanstalk and AWS CloudFormation are both examples of automation. Beanstalk is a platform service that leverages the automation capabilities of CloudFormation to build out application architectures.

  • Elastic Load Balancing is incorrect. Elastic Load Balancing (ELB) is used for distributing incoming connections to Amazon EC2 instances. This is not an example of automation; it is load balancing.
  • Amazon Elastic File System (EFS) is incorrect. Amazon EFS is a file system.
  • AWS Lambda is incorrect. AWS Lambda is a compute service, not an automation service.

References:

10
Q

A company has many different business units all using the same AWS services to manage their different applications.

Which AWS service or tool can the company use to receive volume discounts across multiple AWS accounts?

  1. Cost Explorer
  2. AWS Budgets
  3. AWS Cost and Usage Report
  4. AWS Organizations
A

4. AWS Organizations

You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts. Every organization in AWS Organizations has a management account that pays the charges of all the member accounts. With consolidated billing you can take advantage of cost savings for services that have tiered licensing models.

  • AWS Budgets is incorrect as AWS Budgets is a cost controlling feature, which allows you to set custom budgets to alert at various spend levels. It does not apply discounts based on volume use.
  • Cost Explorer is incorrect. AWS Cost Explorer lets you visualize, understand, and manage your AWS costs and usage over time, but does not have anything to do with discounting AWS Service spend.
  • AWS Cost and Usage Report is also incorrect. The AWS Cost and Usage Reports (AWS CUR) contain the most comprehensive set of cost and usage data available, but don’t provide any discounts or consolidated billing.

Reference:
Consolidating billing for AWS Organizations

11
Q

What AWS service decouples application components so that they can run independently?

  1. Amazon Simple Notification Service (Amazon SNS)
  2. Amazon Simple Workflow Service (Amazon SWF)
  3. AWS Glue
  4. Amazon Simple Queue Service (Amazon SQS)
A

4. Amazon Simple Queue Service (Amazon SQS)

Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware and empowers developers to focus on differentiating work.

  • Amazon Simple Workflow Service (Amazon SWF) is incorrect, as Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps, and is a fully managed state tracker and task coordinator in the Cloud.
  • Amazon Simple Notification Service (Amazon SNS) is incorrect. Amazon Simple Notification Service (Amazon SNS) is a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication and does not directly decouple application components.
  • AWS Glue is incorrect. AWS Glue is a serverless data integration service that makes it easy to discover, prepare, and combine data for analytics, machine learning, and application development, and does not decouple your architecture.

Reference:
Amazon Simple Queue Service

12
Q

Which AWS service provides a quick and automated way to create and manage AWS accounts?

  1. AWS QuickSight
  2. Amazon LightSail
  3. AWS Organizations
  4. Amazon Connect
A

3. AWS Organizations

AWS Organizations is a web service that enables you to consolidate your multiple AWS accounts into an organization and centrally manage your accounts and their resources. The AWS Organizations API can be used to create AWS accounts and this can be automated through code.

  • AWS QuickSight is incorrect. Amazon QuickSight is a fast, cloud-powered business intelligence service that makes it easy to deliver insights to everyone in your organization.
  • Amazon LightSail is incorrect. LightSail offers virtual servers (instances) that are easy to set up and backed by the power and reliability of AWS.
  • Amazon Connect is incorrect. Amazon Connect is an easy-to-use omnichannel cloud contact center that helps companies provide superior customer service at a lower cost.

Reference:
Welcome to the AWS Organizations API Reference

13
Q

Which service can be used to manage configuration versions?

  1. AWS Service Catalog
  2. AWS Artifact
  3. Amazon Inspector
  4. AWS Config
A

4. AWS Config

AWS Config is a fully-managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and regulatory compliance.

  • AWS Service Catalog is incorrect. AWS Service Catalog is used to create and manage catalogs of IT services that you have approved for use on AWS, including virtual machine images, servers, software, and databases to complete multi-tier application architectures.
  • AWS Artifact is incorrect. AWS Artifact is a central resource for compliance-related information. This service can be used to get compliance information related to AWS’ certifications/attestations.
  • Amazon Inspector is incorrect. Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

Reference:
How AWS Config Works

14
Q

AWS Business Support customers have access to which of the following?

  1. AWS Support concierge
  2. AWS DDoS Response Team (DRT)
  3. AWS technical account manager (TAM)
  4. AWS Health API
A

4. AWS Health API

The AWS Health API is available to all Business, Enterprise On-Ramp, or Enterprise Support customers. You can use the API operations to get information about events that might affect your AWS services and resources.

  • AWS DDoS Response Team (DRT) is incorrect. This is not available through a support plan, but through the AWS Shield Advanced service.
  • AWS technical account manager (TAM) is incorrect. You get a dedicated AWS TAM when you have Enterprise Support, and you get access to a pool of TAMs when you are using Enterprise On-Ramp.
  • AWS Support concierge is incorrect. This is only available to Enterprise Support customers.

Reference:
Integrating AWS Health with other systems using the AWS Health API

15
Q

There is a need to perform queries and to search and analyze logs interactively within an organization.

Which AWS service or feature will meet this requirement?

  1. Amazon EventBridge (Amazon CloudWatch Events).
  2. Amazon CloudWatch anomaly detection.
  3. Amazon CloudWatch Logs Insights.
  4. Amazon CloudWatch Logs streams.
A

3. Amazon CloudWatch Logs Insights.

CloudWatch Logs Insights enables you to interactively search and analyze your log data in Amazon CloudWatch Logs. You can perform queries to help you more efficiently and effectively respond to operational issues. If an issue occurs, you can use CloudWatch Logs Insights to identify potential causes and validate deployed fixes.

  • Amazon EventBridge (Amazon CloudWatch Events) is incorrect. Amazon EventBridge is a serverless event bus that ingests data from your own apps, SaaS apps and AWS services and routes that data to targets.
  • Amazon CloudWatch Logs streams is incorrect. A log stream is a sequence of log events that share the same source. Each separate source of logs in CloudWatch Logs makes up a separate log stream. This does not utilize queries.
  • Amazon CloudWatch anomaly detection is incorrect. When you enable anomaly detection for a metric, CloudWatch applies statistical and machine learning algorithms. These algorithms continuously analyze metrics of systems and applications, determine normal baselines, and surface anomalies with minimal user intervention.

Reference:
Analyzing log data with CloudWatch Logs Insights

16
Q

Which AWS service guides you through the sizing, configuration, and deployment of applications on AWS, and supports applications like SQL Server always-on and SAP on AWS?

  1. AWS Launch Wizard
  2. AWS CloudFormation
  3. AWS Elastic Beanstalk
  4. AWS App Runner
A

1. AWS Launch Wizard

AWS Launch Wizard is the correct choice because it offers a guided way of sizing, configuring, and deploying AWS resources for third-party applications, such as SQL Server Always On and SAP, without needing to manually identify and provision individual AWS resources.

  • AWS CloudFormation is incorrect because, although it allows you to use a text file or programming languages to model and provision AWS resources in an automated and secure manner, it doesn’t specifically offer guided assistance in the sizing, configuration, and deployment of applications.
  • AWS Elastic Beanstalk is incorrect because it is primarily an orchestration service for deploying infrastructure which involves a variety of AWS services. While it does handle deployment and provisioning of services, it doesn’t offer a guided approach specifically designed for third-party applications like SQL Server Always On and SAP.
  • AWS App Runner is incorrect because it is a service that automatically builds and deploys containerized applications quickly, but it is not designed to guide the user through sizing, configuration, and deployment of applications like SQL Server Always On and SAP.

Reference:
AWS Launch Wizard

17
Q

Which service provides alerts and remediation guidance when AWS is experiencing events that may impact you?

  1. AWS Trusted Advisor
  2. AWS Inspector
  3. AWS Health Dashboard
  4. AWS Shield
A

3. AWS Health Dashboard

AWS Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you.

  • AWS Trusted Advisor is incorrect. Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment.
  • AWS Inspector is incorrect. Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
  • AWS Shield is incorrect. AWS Shield is a managed Distributed Denial of Service (DDoS) protection service.

Reference:
Getting started with your AWS Health Dashboard
