AWS Well Architected

Question Answer
Well Architected Framework 5 areas: Operational Excellence, Security, Performance, Reliability, and Cost Effectiveness. The white paper gives you 10 to 15 questions in each area to help you design.
Traditional environment design thinking Had to guess infrastructure needs. Could not afford to test at scale. Had a fear of change. Could not justify experiments. Faced architecture that was frozen in time.
Cloud environment design thinking Stop guessing your capacity needs. Test at production scale. Make experimentation easier. Allow for architectures to evolve. Build data-driven architectures. Improve through game days.
Operational excellence pillar The ability to run and monitor systems to deliver value and to continually improve supporting processes and procedures. You need to prepare, operate, and evolve.
Security pillar The ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies. Things to think about here are identity and access management, detective controls, infrastructure protection, data protection, incident response.
Reliability pillar The ability of a system to recover from infrastructure or service failures, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. Things to consider here are foundations, change management, failure management.
Performance efficiency pillar The ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve. Things to consider here are selection, review, monitoring, and trade-offs.
Cost optimization pillar The ability to avoid or eliminate unneeded cost or suboptimal resources. Things to consider here are cost-effective resources, matching supply and demand, expenditure awareness, optimizing over time.
OE Pillar 3 areas of focus Improving the execution of your operations over time, ensuring that your team has the procedures and skills to operate a workload, and having defined and tested processes for responding to events.
OE Pillar in a Traditional environment Manual changes meant you didn't want to make them often, so you batched them together into large releases. No time to learn from mistakes and you couldn't keep up with current information.
OE Pillar in Cloud environment Perform operations with code, make frequent small reversible changes, refine operations procedures frequently with game days, anticipate failure, learn from all operational failures, annotate documentation.
OE Pillar uses AWS CloudFormation Prepare - AWS Config to create standards with workloads. Operate - Amazon CloudWatch allows you to monitor the operational health of a workload. Evolve - Amazon Elasticsearch Service allows you to analyze your log data for quick and secure insights.
OE Pillar Prepare Need to have common goals to create common operational priorities. Use the priorities to focus improvement efforts to where they will matter most. Design for operations focuses on architecting for run time to enable deployments of workloads to mitigate risks or fix defects. Design templates and standards should be shared across the orgs. Operational readiness is focused on validating the readiness of the workload to enter production and the readiness of the operations team to support the workload.
Runbooks Routine operations procedures should be captured in runbooks by the operations team.
Playbooks Process for issue resolution should be captured in playbooks.
Ideally, procedures Should be scripted to increase consistency in execution, enable automation in response to observed events, and reduce human error.
OE Pillar Business Needs Business needs dictate operation priorities and priorities should be updated as business needs change. Involve business and development team in setting operational priorities. Consider internal and external compliance requirements when setting operational priorities. Consider trade-offs among operational priorities, and make informed decisions.
OE Pillar Operate Operational health is defined by business and customer outcomes. To understand operational health, you must define metrics to measure the workload against expected outcomes. By establishing baselines and analyzing the metrics, you can ID areas to improve. Both planned (sales promotions, deployments, and game days) and unplanned (surges in utilization or component failure) operational events should be anticipated. Runbooks and playbooks should be used to enable consistent responses to events and limit error.
OE Pillar Operate Best Practice 1 Have an event, incident, and problem management process. You should have defined processes for observed events, events that require intervention (incidents), and events that either recur or cannot currently be resolved (problems). Any event that raises an alert should have a defined response in a runbook or playbook. Defined alerts should be owned by a role or team who is responsible for escalation.
OE Pillar Operate Best Practice 2 Runbooks or playbooks should define what triggers escalation, the process for escalation, and specifically identify owners for each action. Escalations may include third parties like third-party vendors or AWS support. Users should be notified when the services they consume are affected and told when things go back to normal.
OE Pillar Evolve Use dedicated work cycles to make continuous improvements to your operations. Customers should learn from experience, analysis and cross team reviews. Validate opportunities and evaluate them. If desired results are not met, you should consider alternatives and share what you learn across your teams.
OE Pillar Evolve Best Practice Procedures should have feedback loops to identify areas for improvement. Feedback should be used to prioritize and drive improvements where needed. Feedback on the operation procedures should be used to address issues with the procedures and further optimize them. Feedback should come from operation activities, customer experience, and business and development teams.
Security Pillar 5 things to think about with Security Pillar: 1. Who can do what with Identity and access management. 2. Detecting security events with detective controls. 3. Protecting systems with infrastructure protections. 4. Confidentiality and integrity of data. 5. Incident response.
Security Pillar in the Cloud Environment Implement a strong identity foundation, enable traceability, apply security at all layers, automate security best practices, protect data in transit and at rest, prepare for security events, and keep people away from data.
Security Pillar AWS Identity and Access Management IAM Allows you to securely control access to AWS services and resources for your users.
Security Pillar Identity and Access Management Key Services AWS IAM, AWS Organizations, MFA Token is an extra layer of protection, Temporary Security Credential
Security Pillar Detective Controls Key Services AWS CloudTrail records AWS API calls, AWS Config provides a detailed inventory of your AWS resources and configuration, Amazon CloudWatch is a monitoring service for AWS resources.
Security Pillar Infrastructure Protection Key Services Amazon VPC lets you provision a private isolated section of the AWS cloud where you can launch AWS resources in a private network, Amazon Inspector, AWS Shield, AWS WAF
Security Pillar Data Protection Key Services Amazon Macie, AWS Key Management Service makes it easy for you to create and control keys used for encryption, Amazon S3, Amazon Elastic Block Store, Elastic Load Balancing, Amazon RDS. You can encrypt your data across each of these and Macie automatically protects sensitive data while
Security Pillar Detective Controls Key Services AWS Identity and Access Management should be used to grant appropriate access to response teams, AWS CloudFormation can be used to create a trusted environment for investigations.
Security Pillar Identity and Access Management Best Practice 1 AWS IAM ensures that only authorized and authenticated users are able to access your resources, and only in a manner that is intended. For example, an IAM policy contains a list of specific granular permissions that govern access. Role-based access control (RBAC) is aligned with an end user's role or function. Password protection includes password complexity requirements and change intervals.
Security Pillar Identity and Access Management Best Practice 2 These identity and access elements are critical in an information security architecture because they represent the core concepts of user authentication and authorization. The AWS IAM service lets you apply granular policies that grant permissions to a user, group, role, or resource. You can also require strong password practices such as complexity, reuse, and MFA. You can also federate with an existing directory service (LDAP).
Security Pillar Best Practice IAM Keys and Credentials Effectively manage your keys and credentials. The moment you create a new AWS account, you need to secure it because it is your data center. Even if you have one user, set up a user login, and do not use the root account or email address to sign in. Besides login credentials, you can generate access keys to gain access to your resources. These access keys should never ever be put into code or stored insecurely.
Security Pillar Best Practice Amazon Cognito One of the key benefits of using Cognito is its identity broker component. It creates a unique identifier and matches it when users log in with any of the login providers. Devs have the flexibility to choose any login provider. The focus is on users, not login providers. Cognito gives each app a set of limited and temporary credentials for each app user to access all AWS services.
Security Pillar Best Practice Detective Controls Overview You can use detective controls to identify a security event. They are a normal part of governance frameworks and can be used to support a quality process, legal compliance operation, or threat identification and response efforts. There are 3 types of controls: 1. Life cycle controls to establish operational baselines, 2. Internal auditing to examine controls, 3. Automated alerting.
Security Pillar Best Practice Detective Controls Automating Security Responses When security events happen, you may have a playbook to follow but you are still dependent on someone recognizing it's time to use that playbook or someone recognizing it's a security event. Just because you know it's happening doesn't mean you'll do it right. Detective controls allow you to automate the execution of your playbook when certain events happen. With CloudTrail and CloudWatch Events, you can execute code when users perform a control plane action.
In network routing, the control plane is the part of the router architecture that is concerned with drawing the network topology, or the information in a routing table that defines what to do with incoming packets. Control plane functions, such as participating in routing protocols, run in the architectural control element. In most cases, the routing table contains a list of destination addresses and the outgoing interface(s) associated with them.
 

 


