从目前体验来说，亚麻这套学习资料非常简单易学，用了咖啡店的例子生动易懂，视频和文字配图也很直观。

我之前看微软的内容的时候之前懵懵懂懂，看了AWS的自我感觉非常良好。

以下记录了一些概念性的东西。

Introduction

Cloud Computing

Definition of cloud: Cloud computing is the on-demand delivery of IT resources over the internet with pay-as-you-go pricing.
Undifferentiated heavy lifting of IT: AWS do. so the company can focus on what makes you unique.

Deployment models for cloud computing

cloud-based deployment

Run all parts of the application in the cloud.
Migrate existing applications to the cloud.
Design and build new applications in the cloud.

On-premises deployment is also known as a private cloud deployment.

Deploy resources by using virtualization and resource management tools.
Increase resource utilization by using application management and virtualization technologies.

In a hybrid deployment, cloud-based resources are connected to on-premises infrastructure.

Connect cloud-based resources to on-premises infrastructure.
Integrate cloud-based resources with legacy IT applications.

Benefits of cloud computing

Trade upfront expense for variable expense
Stop spending money to run and maintain data centers
Stop guessing capacity
Benefit from massive economies of scale
Increase speed and agility
Go global in minutes
将前期费用变成可变支出
无需在数据中心运行和维护方面投入资金
无需猜测容量
实现规模经济效益
提高速度和敏捷性
几分钟内实现全球化部署

Compute in the cloud

EC2 instance types

General purpose instances
- a balance of compute, memory, and networking resources
Compute optimized instances
- Compute optimized instances are ideal for compute-bound applications that benefit from high-performance processors.
- You can also use compute optimized instances for batch processing workloads that require processing many transactions in a single group.
Memory optimized instances
- Memory optimized instances are designed to deliver fast performance for workloads that process large datasets in memory.
Accelerated computing instances
- Accelerated computing instances use hardware accelerators, or coprocessors, to perform some functions more efficiently than is possible in software running on CPUs.
Storage optimized instances
- Storage optimized instances are designed for workloads that require high, sequential read and write access to large datasets on local storage.

EC2 Pricing

On-Demand
- short-term, irregular workloads that cannot be interrupted.
Amazon EC2 Savings Plans
- reduce your compute costs by committing to a consistent amount of compute usage for a 1-year or 3-year term.
Reserved Instances
- Reserved Instances are a billing discount applied to the use of On-Demand Instances in your account. You can purchase Standard Reserved and Convertible Reserved Instances for a 1-year or 3-year term, and Scheduled Reserved Instances for a 1-year term.
Spot Instances
- Spot Instances are ideal for workloads with flexible start and end times, or that can withstand interruptions.
Dedicated Hosts
- Dedicated Hosts are physical servers with Amazon EC2 instance capacity that is fully dedicated to your use.

Scaling EC2

Scalability: Scalability involves beginning with only the resources you need and designing your architecture to automatically respond to changing demand by scaling out or in. As a result, you pay for only the resources you use.
a function: Amazon EC2 Auto Scaling

Elastic Load Balancing

Elastic Load Balancing is the AWS service that automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances.
海底捞领座小妹

Messaging and queuing

In a microservices approach, application components are loosely coupled. In this case, if a single component fails, the other components continue to work because they are communicating with each other.

you can take a microservices approach with services and components that fulfill different functions.
Amazon Simple Notification Service (Amazon SNS) is a publish/subscribe service. Using Amazon SNS topics, a publisher publishes messages to subscribers.
Amazon Simple Queue Service (Amazon SQS) is a message queuing service. Using Amazon SQS, you can send, store, and receive messages between software components, without losing messages or requiring other services to be available.

Additional compute services

AWS Lambda is a service that lets you run code without needing to provision or manage servers.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable, high-performance container management system that enables you to run and scale containerized applications on AWS.
Amazon Elastic Kubernetes Service (Amazon EKS) is a fully managed service that you can use to run Kubernetes on AWS.
AWS Fargate is a serverless compute engine for containers. It works with both Amazon ECS and Amazon EKS.

Global Infrastrusture and reliability

An Availability Zone is a single data center or a group of data centers within a Region.
An edge location is a site that Amazon CloudFront uses to store cached copies of your content closer to your customers for faster delivery.

How to provision AWS resources

manage your AWS environment.

The AWS Management Console is a web-based interface for accessing and managing AWS services.
To save time when making API requests, you can use the AWS Command Line Interface (AWS CLI) : can automate the actions that your services and applications perform through scripts.
software development kits (SDKs). SDKs make it easier for you to use AWS services through an API designed for your programming language or platform. SDKs enable you to use AWS services with your existing applications or create entirely new applications that will run on AWS.
AWS Elastic Beanstalk is a service that helps you provision Amazon EC2-based environments.
AWS CloudFormation is an infrastructure as code tool that allows you to define a wide variety of AWS resources in a declarative way using JSON or YAML text-based documents called CloudFormation templates.

Networking

A networking service that you can use to establish boundaries around your AWS resources is Amazon Virtual Private Cloud (Amazon VPC).
Amazon VPC enables you to provision an isolated section of the AWS Cloud. In this isolated section, you can launch resources in a virtual network that you define. Within a virtual private cloud (VPC), you can organize your resources into subnets. A subnet is a section of a VPC that can contain resources such as Amazon EC2 instances.
To allow public traffic from the internet to access your VPC, you attach an internet gateway to the VPC.
To access private resources in a VPC, you can use a virtual private gateway.
AWS Direct Connect is a service that enables you to establish a dedicated private connection between your data center and a VPC.
The private connection that AWS Direct Connect provides helps you to reduce network costs and increase the amount of bandwidth that can travel through your network.

Subnets and network access control lists

Public subnets contain resources that need to be accessible by the public, such as an online store’s website.
Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories.

The VPC component that checks packet permissions for subnets is a network access control list (ACL).
（护照检查站 passport control officer）A network access control list (ACL) is a virtual firewall that controls inbound and outbound traffic at the subnet level.
Network ACLs perform stateless packet filtering.
By default, your account’s default network ACL allows all inbound and outbound traffic, but you can modify it by adding your own rules.
无状态，默认接受所有入站流量

Security groups perform stateful packet filtering. They remember previous decisions made for incoming packets.
有状态，默认拒绝所有入站流量

Global networking

Domain Name System (DNS) resolution involves a customer DNS resolver communicating with a company DNS server.

You can think of DNS as being the phone book of the internet. DNS resolution is the process of translating a domain name to an IP address.

Amazon Route 53 把用户和AWS外的东西连接
use CloudFront to cache content closer to your actual consumers.

Storage and databases

instance store and Amazon Elastic Block Store 块存储

Instance store: 实例关了就没了 best for temporary data that is not kept long term
Amazon Elastic Block Store: best for data that requires rentention

Amazon Elastic Block Store (Amazon EBS) is a service that provides block-level storage volumes that you can use with Amazon EC2 instances. If you stop or terminate an Amazon EC2 instance, all the data on the attached EBS volume remains available.
An EBS snapshot is an incremental backup. This means that the first backup taken of a volume copies all the data. For subsequent backups, only the blocks of data that have changed since the most recent snapshot are saved.

Amazon Simple Storage Service (Amazon S3) 对象存储

any type of file
unlimited storage space
maximum 5TB of one file size

Amazon S3 storage classes

selecting an Amazon S3 storage class, consider these two factors:

How often you plan to retrieve your data
How available you need your data to be Amazon S3 Standard: frequently accessed data + three Availability Zones Amazon S3 Standard-Infrequent Access (S3 Standard-IA): infrequently accessed data Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA): single Availability Zone Amazon S3 Intelligent-Tiering
- Ideal for data with unknown or changing access patterns
- Requires a small monthly monitoring and automation fee per object
  Amazon S3 Glacier Instant Retrieval: Can retrieve objects within a few milliseconds
  Amazon S3 Glacier Flexible Retrieval: within a few minutes to hours
  Amazon S3 Glacier Deep Archive :within 12 hours
  Amazon S3 Outposts: Creates S3 buckets on Amazon S3 Outposts

if you are using complete objects or only occasional changes, S3 is victorious. If you are doing complex read, write, change functions, then, absolutely, EBS is your knockout winner.
如果您使用的是完整的对象，或者只是偶尔进行更改，那么 S3 会胜出。但如果您要进行复杂的读取、写入和更改操作，那么 EBS 绝对是您的不二之选

Amazon Elastic File System (Amazon EFS)

Compared to block storage and object storage, file storage is ideal for use cases in which a large number of services and resources need to access the same data at the same time.

Amazon Elastic File System (Amazon EFS) is a scalable file system used with AWS Cloud services and on-premises resources.
Amazon EFS is a regional service. It stores data in and across multiple Availability Zones.
The duplicate storage enables you to access data concurrently from all the Availability Zones in the Region where a file system is located. Additionally, on-premises servers can access Amazon EFS using AWS Direct Connect.

Amazon Relational Database Service (Amazon RDS)

a service that enables you to run relational databases in the AWS Cloud.

Amazon Aurora

Consider Amazon Aurora if your workloads require high availability.

Amazon DynamoDB

Amazon DynamoDB is a key-value database service. It delivers single-digit millisecond performance at any scale.
Serverless: don’t have to provision patch or manage servers
Automatic scaling: size can automatically adjust

Amazon Redshift

Amazon Redshift is a data warehousing service that you can use for big data analytics. It offers the ability to collect data from many sources and helps you to understand relationships and trends across your data.

AWS Database Migration Service (AWS DMS)

AWS Database Migration Service (AWS DMS) enables you to migrate relational databases, nonrelational databases, and other types of data stores.

Other

Amazon DocumentDB is a document database service that supports MongoDB workloads. (MongoDB is a document database program.)

Amazon Neptune is a graph database service.
Amazon Quantum Ledger Database (Amazon QLDB) is a ledger database service.
Amazon Managed Blockchain is a service that you can use to create and manage blockchain networks with open-source frameworks.
Amazon ElastiCache is a service that adds caching layers on top of your databases to help improve the read times of common requests.
Amazon DynamoDB Accelerator (DAX) is an in-memory cache for DynamoDB.

Security

Shared responsibility model

The AWS shared responsibility model is about making sure both sides understand exactly what tasks are ours. Basically, AWS is responsible for the security of the cloud and you are responsible for the security in the cloud. Together, you have an environment you can trust.
这种模式类似于房主和建筑商之间的责任分工。建筑商 (AWS) 负责建造房屋并确保房屋结构的牢固性。作为房主（客户），您负责确保关门和锁门，从而保护屋内所有物品的安全。

User permissions and access

AWS Identity and Access Management (IAM)

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely.
咖啡店店主创建收银员角色，并分配收银员权限的系统

AWS account root user

the root user as being similar to the owner of the coffee shop. It has complete access to all the AWS services and resources in the account.
Do not use the root user for everyday tasks.

IAM users

An IAM user is an identity that you create in AWS.
默认空权限

IAM policies

An IAM policy is a document that allows or denies permissions to AWS services and resources.
Follow the security principle of least privilege when granting permissions.

IAM groups

An IAM group is a collection of IAM users.

IAM roles

An IAM role is an identity that you can assume to gain temporary access to permissions.
IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily, instead of long-term.

Multi-factor authentication

In IAM, multi-factor authentication (MFA) provides an extra layer of security for your AWS account.

AWS Organizations

Suppose that your company has multiple AWS accounts. You can use AWS Organizations to consolidate and manage multiple AWS accounts within a central location.
In AWS Organizations, you can centrally control permissions for the accounts in your organization by using service control policies (SCPs). SCPs enable you to place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access.
You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to? (Select TWO.)

An individual member account

– An organizational unit (OU)

Compliance

AWS Artifact is a service that provides on-demand access to AWS security and compliance reports and select online agreements.

AWS Artifact Agreements
- 和aws签订协议
AWS Artifact Reports
- 提供第三方的合规报告

Customer Compliance Center

The Customer Compliance Center contains resources to help you learn more about AWS compliance.

Denial-of-service attacks

A denial-of-service (DoS) attack is a deliberate attempt to make a website or application unavailable to users.

AWS Shield

AWS Shield is a service that protects applications against DDoS attacks
高级版收费，可以集成其他服务并且自定义规则
It also integrates with other services such as Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing. Additionally, you can integrate AWS Shield with AWS WAF by writing custom rules to mitigate complex DDoS attacks.

AWS Key Management Service (AWS KMS)

AWS Key Management Service (AWS KMS) enables you to perform encryption operations through the use of cryptographic keys.

AWS WAF

AWS WAF is a web application firewall that lets you monitor network requests that come into your web applications.

Amazon Inspector

Amazon Inspector helps to improve the security and compliance of applications by running automated security assessments.

Amazon GuardDuty

Amazon GuardDuty is a service that provides intelligent threat detection for your AWS infrastructure and resources.

Monitoring and Analytics

Amazon CloudWatch

Amazon CloudWatch is a web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics.

AWS CloudTrail

AWS CloudTrail records API calls for your account.
CloudTrail Event History（CloudTrail 事件历史记录）

AWS Trusted Advisor

AWS Trusted Advisor is a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices.

Which service enables you to review the security of your Amazon S3 buckets by checking for open access permissions?
哪项服务使您能够通过检查开放访问权限来查看 Amazon S3 存储桶的安全性？

AWS Trusted Advisor

Which categories are included in the AWS Trusted Advisor dashboard? (Select TWO.)
AWS Trusted Advisor 控制面板中包含哪些类别？（请选择两项。）

Performance
Fault tolerance

Pricing and Support

How AWS pricing works

Pay for what you use.
无需合同和许可
Pay less when you reserve.
Pay less with volume-based discounts when you use more.

Billing dashboard

Use the AWS Billing & Cost Management dashboard to pay your AWS bill, monitor your usage, and analyze and control your costs.

Consolidated billing

The consolidated billing feature of AWS Organizations enables you to receive a single bill for all AWS accounts in your organization.
Another benefit of consolidated billing is the ability to share bulk discount pricing, Savings Plans, and Reserved Instances across the accounts in your organization.

AWS Budgets

In AWS Budgets, you can create budgets to plan your service usage, service costs, and instance reservations.

AWS Cost Explorer

AWS Cost Explorer is a tool that enables you to visualize, understand, and manage your AWS costs and usage over time.

AWS Support

AWS offers four different Support plans to help you troubleshoot issues, lower costs, and efficiently use AWS services.

Basic: Free
- whitepapers, documentation, and support communities. With Basic Support
- limited selection of AWS Trusted Advisor checks.
- AWS Personal Health Dashboard
Developer
- – Best practice guidance
- Client-side diagnostic tools
- Building-block architecture support, which consists of guidance for how to use AWS offerings, features, and services together
Business
- – Use-case guidance to identify AWS offerings, features, and services that can best support your specific needs
- All AWS Trusted Advisor checks
- Limited support for third-party software, such as common operating systems and application stack components
Enterprise On-Ramp
- – A pool of Technical Account Managers to provide proactive guidance and coordinate access to programs and AWS experts
- A Cost Optimization workshop (one per year)
- A Concierge support team for billing and account assistance
- Tools to monitor costs and performance through Trusted Advisor and Health API/Dashboard
Enterprise
- – A designated Technical Account Manager to provide proactive guidance and coordinate access to programs and AWS experts
- A Concierge support team for billing and account assistance
- Operations Reviews and tools to monitor health
- Training and Game Days to drive innovation
- Tools to monitor costs and performance through Trusted Advisor and Health API/Dashboard

Which Support plan includes all AWS Trusted Advisor checks at the lowest cost?

Business

Technical Account Manager (TAM)

The Enterprise On-Ramp and Enterprise Support plans include access to a Technical Account Manager (TAM).

AWS Marketplace

AWS Marketplace is a digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS.

Which pricing tool is used to visualize, understand, and manage your AWS costs and usage over time?

AWS Budgets

Migration and Innovation

AWS Cloud Adoption Framework (AWS CAF)

At the highest level, the AWS Cloud Adoption Framework (AWS CAF) organizes guidance into six areas of focus, called Perspectives.
At the highest level, the AWS Cloud Adoption Framework (AWS CAF) organizes guidance into six areas of focus, called Perspectives.

“业务视角”可以帮助您从业务策略和 IT 策略分离的模式转变为业务策略和 IT 策略一致的模式。
“运维视角”侧重于运营和恢复 IT 工作负载，以满足业务利益相关方的要求。
“人员视角”可以帮助人力资源 (HR) 员工为其团队做好采用云的准备，方法是更新组织流程和员工技能以纳入基于云的能力。
平台视角包括在云上实施新解决方案以及将本地工作负载迁移到云的原则和模式。
AWS 云采用框架的“安全视角”还可以帮助您确定不合规的方面，并规划持续的安全举措。
“监管视角”可以帮助您确定和实施 IT 监管的最佳实践，并利用技术为业务流程提供支持。

6 strategies for migration

When migrating applications to the cloud, six of the most common migration strategies that you can implement are:

Rehosting
Replatforming
Refactoring/re-architecting
Repurchasing
Retaining
Retiring

AWS Snow Family members

The AWS Snow Family is a collection of physical devices that help to physically transport up to exabytes of data into and out of AWS.
AWS Snow Family is composed of AWS Snowcone, AWS Snowball, and AWS Snowmobile.

AWS Snowball 提供两种类型的设备：

Snowball Edge Storage Optimized 设备非常适合大型数据迁移和重复传输工作流程以及具有较高容量需求的本地计算。
- 存储能力：80TB 硬盘驱动器 (HDD) 容量，用于数据块卷和与 Amazon S3 兼容的对象存储；1TB 的 SATA 固态硬盘 (SSD)，用于数据块卷。
- 计算能力：40 个 vCPU 和 80GiB 内存，可支持 Amazon EC2 sbe1 实例（相当于 C5）。
Snowball Edge Compute Optimized 可为机器学习、全动视频分析、分析和本地计算堆栈等使用案例提供功能强大的计算资源。
- 存储能力：42TB 的可用 HDD 容量，用于与 Amazon S3 兼容的对象存储或与 Amazon EBS 兼容的数据块卷；7.68TB 的可用 NVMe SSD 容量，用于与 Amazon EBS 兼容的数据块卷。
- 计算能力：52 个 vCPU、208GiB 内存和一个可选的 NVIDIA Tesla V100 GPU。设备运行 Amazon EC2 sbe-c and sbe-g 实例，这些实例相当于 C5、M5a、G3 和 P3 实例。

Innovation

利用 Amazon SageMaker，您可以快速轻松地开始处理机器学习项目，而无需遵循传统流程，手动协同使用不同的工具和工作流程。
Amazon Textract 是一种机器学习服务，可自动从扫描的文档中提取文本和数据。
Amazon Lex 是一种使您能够使用语音和文本构建对话界面的服务。
AWS DeepPracer 是一款自动驾驶 1:18 比例赛车，可用于测试强化学习模型。

错题

以下哪个工具用于通过脚本自动执行 AWS 服务和应用程序的操作？

AWS 命令行界面 (AWS CLI)
Amazon Redshift 是一种可用于进行大数据分析的数据仓库服务。它让您能够从多个来源收集数据，并帮助您了解数据中的关系和趋势。
Amazon Quantum Ledger Database (Amazon QLDB) 是一种分类账数据库服务。您可以使用 Amazon QLDB 查看对您的应用程序数据所做的所有更改的完整历史记录。
Amazon Route 53 是一种 DNS Web 服务。它为开发人员和企业提供一种可靠的方式，可以将最终用户路由到 AWS 中托管的互联网应用程序。
- – 将用户请求连接到 AWS 内部和外部的基础设施。
- 管理域名的 DNS 记录。
  Amazon CloudFront 是一种内容分发服务。
  它使用边缘站点网络来缓存内容并向全球客户分发内容。缓存内容时，将其作为副本存储在本地。内容可能是视频文件、照片、网页等。
“采用混合云方法运行基础设施”这一操作可以通过 AWS Outposts 执行。
“使用编程语言或文本文件预置资源”这一操作可以在 AWS CloudFormation 中执行。
“在 AWS 云中预置一个隔离的部分，以便在您定义的虚拟网络中启动资源”这一操作可以在 Amazon Virtual Private Cloud (Amazon VPC) 中执行。

如何描述可用区：正确答案是 AWS 全球基础设施的完全隔离部分。
可用区是指一个区域内的单个数据中心或一组数据中心。

可用区彼此相距数十英里。这有助于它们实现互连，以便为区域内运行的服务和应用程序提供支持。

安全组是一种虚拟防火墙，用于控制进出 Amazon EC2 实例的入站和出站流量。

默认情况下，安全组拒绝所有入站流量并允许所有出站流量。您可以添加自定义规则来配置应允许或拒绝的流量。

正确答案是一种为您的 AWS 基础设施和资源提供智能威胁检测的服务。

AWS GuardDuty 通过持续监控 AWS 环境中的网络活动和账户行为，来识别威胁。

其他答案不正确，因为：

“一种有助于保护您的应用程序免受分布式拒绝服务 (DDoS) 攻击的服务”这一答案描述的是 AWS Shield。
“一种检查应用程序的安全漏洞以及偏离最佳实践的情况的服务”这一答案描述的是 Amazon Inspector。
“一种让您能够监控进入 Web 应用程序的网络请求的服务”这一答案描述的是 AWS WAF.