shutterpopla.blogg.se - Aws solutions architect

#AWS SOLUTIONS ARCHITECT UPDATE#
#AWS SOLUTIONS ARCHITECT FULL#

Provisioned capacity should be used when we want to guarantee the availability of fast expedited retrieval from S3 Glacier within minutes.įor S3 static website hosting, the default provided URL is. 5,500 requests per second to retrieve data.For decryption, use CMK to decrypt data key into plain text and then decrypt data using plain text data key. Store encrypted data key and data in S3 buckets. Encrypt data using data key and delete data key. Generate a data key using Customer managed CMK. We can create event notification in S3 to invoke lambda function.Ĭustomer managed S3 encryption workflow. To make sure that S3 objects are only accessible from Cloudfront, create an Origin Access Identity (OAI) for Cloudfront and grant access to the objects to that OAI. SSE-KMS: AWS manages the data key, the user manages the master key.SSE-C: The user manages the encryption keys.SSE-S3: Data and master keys managed by S3.S3 does not support OPTIONS, CONNECT and TRACE methods. In the CORS configuration, the exact URLs must be added, with the correct protocol, i.e. If workload consists of PUT requests, use S3 transfer acceleration.If workload is mainly GET requests, integrate Cloudfront with S3.But, according to the new S3 performance announcement, this is not needed anymore. To increase performance, we can prefix each object name with a hash key along with the current date. For files larger than 100MB, multipart upload is recommended.Ĭross-region replication requires that versioning be enabled on both the source bucket and the destination bucket. S3 can store objects of size 0 bytes to 5 TB.Ī single PUT can transfer 5 GB max.

#AWS SOLUTIONS ARCHITECT UPDATE#

Update - AWS will stop supporting the URL path format for buckets created after September 30, 2020. When you enable logging on a bucket, the console both enables logging on the source bucket and adds a grant in the target bucket's access control list (ACL) granting write permission to the Log Delivery Group. User defined metadatas must start with x-amz-meta. If there isn't a null version, Amazon S3 does not remove any objects. The DELETE operation removes the null version (if there is one) of an object and inserts a delete marker, which becomes the current version of the object. All object level properties areĭELETE operation does not keep a copy unless you have versioning enabled.

Metadata and Storage class are object level properties.

Object level logging // Essentially CloudTrail.

In a newly created S3 bucket, everything // every additional option is turned off by default. Weighted routing policy is a good fit for blue-green deployments. Multivalue answer routing policy responds with upto 8 healthy records selected at random.

Health checks that monitor Cloudwatch alarms.

Health checks that monitor other health checks.

Health checks that monitor an endpoint.

Route53 does not directly log to S3 bucket, we can forward that from Cloudwatch, but can't do it directly.

Another Route 53 record in the same hosted zone.

S3 bucket that is configured as a static website.

For routing to RDS instance use CNAME with NO ALIAS // without ALIAS.ĪLIAS only supports the following services.

For routing to S3 bucket // Elastic load balancer use A record with ALIAS.

Route internet traffic to the resources for your domain.

Use managed and application level services to reduce cost of ownership.

Stop spending money on data center operations.

Scale horizontally to increase aggregate system availability.

Key AWS Service - AWS Identity and Access Management (IAM).

Implement a strong identity foundations.

Refine operations procedures frequently.

Make frequent, small, reversible changes.

Note - You can also check out this blog post where I describe my preparation strategy in detail. So if these notes helped you and you're planning to buy the courses or practices tests, please consider going through the links when you're buying.

#AWS SOLUTIONS ARCHITECT FULL#

Also, full disclosure, the links to the above courses are referral ones. So you should go through the notes only after you have done a course that explains the basics, such as the one from ACloudGuru. Again, after each test, note down the concepts I had difficulties with.

Attempt the practice tests by Jon Bonso at Udemy.

After each test, note down the concepts I had difficulties with. I recently got the AWS solutions architect associate certificate in July 2019, and wanted to share my notes with anyone who might benefit from it. Notes for AWS Certified Solutions Architect Associate