All technological notes.
Exam:
AWS Certified Solutions Architect - Associate (SAA-C03)
Identity
Login
Billing
Solution Architecture
AWS SQS(FIFO, retention, Grouping, IAM+AP, Visibility Timeout, Long Polling, asg, buffer)
AWS SNS(Message Filtering, IAM+AP, Fan-out)
AWS Kinesis(Ingest real-time data, Streams(Real-time, can store replay, Partition Key), Firehose(serverless, near Real-time, to load), Analytics, Video Stream)
Amazon MQ(MQ Broker, Multi-AZ with failover)
Amazon EventBridge(Schema Registry, Resource-based Policy(central aggregate))
Deployment
Data Migration
Database Service
Database Migration Service & SCT(DB, continuous replication)
AWS Backup(Centrally manage and automate backups)
Application Discovery Service & Migration Hub(plan, gather info)
Application Migration Service(MGN)(simplify migrating applications)
AppFlow(transfer data between Software-as-a-Service (SaaS) app and AWS)
Amazon Athena(serverless, SQL, Federated Query, Parquet)
Amazon Redshift(OLAP, Spectrum(S3 without loading), Enhanced VPC routing)
Amazon EMR(Big Data, MapReduce, Hadoop)
Amazon QuickSight(Serverless, ml, BI, define users & groups dashboard)
AWS Glue(serverless, ETL, Job Bookmarks, Elastic Views, DataBrew, Data Catalog, json CSV > Parquet)
AWS Lake Formation(data lake, centralized access control)
Amazon OpenSearch(partial matches, search any field, nearly real time)
Kinesis Data Analytics(Real-time, Time-series, SQL app(firehose), Apache Flink(data stream))
Amazon MSK(Apache Kafka, = Kinesis)
AWS VPC(5 * 5, /16-28, default, reserves)
Bastion Host(SSH)
Internet Gateway(IGW)(connect to the Internet, 1/vpc, route tb)
NAT Gateway(Elastic IP, no sg, lock to AZ, route tb)
NACL(1/subnet, precedence, allow+deny, Stateless, Default, update) & Security Group(allow only, Stateful, reference)
Egress-only Internet Gateway(NATGW for IPv6, route tb)
VPC Peering(Privately connect two VPCs, NOT transitive, accounts/regions, route tb)
VPC Endpoints(connect to AWS services by PrivateLink, Interface(ENI$), Gateway(r tb: s3+dyn))
Site-to-Site VPN(public, VPGW(Route Propagation, ICMP)+CGW(public IP))
VPN CloudHub(diff sites)
Direct Connect (DX)(Dedicated private, 1M, Hybrid, Dedicated/Host, not encrypted, Gateway: cross regions)
Transit Gateway(transitive peering, Xregion/account, VPN ECMP:bandwidth)
VPC Flow Logs(monitor, Troubleshoot SG & NACL)
Traffic Mirroring(capture ENIs)
Networking Service
Route 53(Hosted Zones, TTL(cache locally), Alias Records:AWS resource, Health Checks, Routing Policies)
AWS CloudFront(cached, Origin Access Control+s3 policy, TTL, Geo, Price Classes, Cache Invalidation) & Global Accelerator(route app by internal, lowest latency, non-HTTP + Static IP)
AWS API Gateway(versioning, Cache API responses, Edge-Optimized:default, IAM+Cognito)
Other Services
AWS KMS(manages encryption keys, only customer keys need creation, C/M automatic rotation:1Y Import:manual, lock to region, AC:policy(xAccount), Client-side+multi-region key, S3 Replication:de+en, Xacc: share KMS CMK)
AWS Systems Manager(SSM)(View operational data, Parameter Store:(secrets+version, environment variables, Policies+TTL:force delete), Session Manager(shell+no SSH), Run Command(script), Patch Manager, Maintenance Windows(Automation))
AWS Secrets Manager(storing secrets, Multi-Region Secrets(replica))
AWS Certificate Manager(ACM)(in-flight encryption, import cert notify expired:EventBridge+SNS, CloudFront:us-east-1)
AWS Web Application Firewall(WAF)(http/Layer 7, ACL, no NLB, fixed IP: Global acc+WAF+ALB)
AWS Shield(DDoS attack, Advanced:24/7+bill)
AWS Firewall Manager(Organization, Central:Security policy)
Amazon GuardDuty(Account threat, ml, no CW log, VPC Flow+DNS+CloudTrail Event)
Amazon Inspector(Security Assessments:ec2, ecs, lambda)
AWS Macie(S3 sensitive data)
AWS Network Firewall(VPC, traffic filtering)