DEV Community

maso

DAY8 - Bonus

Overview

Today, I’ll summarize the key points of the services that weren't covered in the hands-on sessions but appear frequently on the exam!
※You can check the exam scope from the link below.
https://docs.aws.amazon.com/aws-certification/latest/examguides/sap-02-in-scope-services.html

1. AWS Organizations

  • A governance tool that allows centralized management of multiple AWS accounts.
  • An SCP (service control policy) sets the maximum permissions available in an account (i.e., even if the SCP permits an action, it cannot be performed without corresponding IAM permissions).
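
A simplified model of the SCP point above, added here as an example (it is not code from the original post). The sample policies and function names are constructed, and the model assumes statements reduced to Effect/Action only: it ignores Resource, Condition, permission boundaries, resource-based policies and multi-level OU inheritance.

```python
from fnmatch import fnmatchcase

# Constructed sample policies (not from the original post), reduced to Effect/Action.
SCP = [
    {"Effect": "Allow", "Action": "*"},  # same shape as the default FullAWSAccess SCP
    {"Effect": "Deny", "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"]},
]
ALLOWLIST_SCP = [{"Effect": "Allow", "Action": "s3:*"}]  # allow-list style ceiling
IAM = [{"Effect": "Allow", "Action": ["s3:Get*", "cloudtrail:*"]}]


def _covers(statements, action, effect):
    """Return True if any statement with this Effect matches the action."""
    for st in statements:
        if st["Effect"] != effect:
            continue
        patterns = st["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        # Action names are case-insensitive; '*' and '?' act as wildcards.
        if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
            return True
    return False


def evaluate(action, scp, iam):
    """Decide an action for an IAM principal in a member account."""
    if _covers(scp, action, "Deny") or _covers(iam, action, "Deny"):
        return "explicit-deny"      # a Deny anywhere always wins
    if not _covers(scp, action, "Allow"):
        return "blocked-by-scp"     # outside the ceiling set by the SCP
    if not _covers(iam, action, "Allow"):
        return "no-iam-allow"       # SCP permits it, but nothing grants it
    return "allowed"


if __name__ == "__main__":
    for scp_name, scp in (("SCP", SCP), ("ALLOWLIST_SCP", ALLOWLIST_SCP)):
        for action in ("s3:GetObject", "ec2:RunInstances",
                       "cloudtrail:StopLogging", "cloudtrail:LookupEvents"):
            print(f"{scp_name:14} {action:26} {evaluate(action, scp, iam=IAM)}")
```

The `cloudtrail:StopLogging` case shows the SCP working as a guardrail: the IAM policy grants `cloudtrail:*`, yet the SCP Deny still blocks the call.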

2. CloudTrail / AWS Config

  • CloudTrail : check API call history
  • AWS Config : check resource state history

3. KMS / Secrets Manager / ACM

  • KMS : create/manage the encryption keys and control key usage
  • Secrets Manager : rotate DB passwords
  • ACM : manage certificates for ALB, CloudFront, API GW...

4. CloudFront / Global Accelerator

  • CloudFront : CDN that caches and distributes content at the edge
  • Global Accelerator : Traffic enters at the nearest AWS edge and is transported to the optimal region/endpoint

5. Transit Gateway / Site-to-Site VPN / Direct Connect

  • TGW : Multi-VPC/Multi-site Hub
  • VPN : connects two or more private networks over the internet
  • Direct Connect : connects two or more private networks over a dedicated line

6. Athena / Redshift / Glue

  • Athena : Instant SQL Analysis on S3 (Serverless)
  • Redshift : DWH (Data Warehouse, Business Intelligence)
  • Glue : ETL/Data Catalog

7. WAF / Shield

  • WAF : L7 (HTTP) filter (SQLi/XSS, IP Restriction, etc.)
  • Shield : DDoS Mitigation (especially edge/global)

8. ECS/Fargate/ECR

  • ECR : Docker image registry
  • ECS : An orchestrator that manages container execution, deployment, and scaling.
  • Fargate : One of the “execution platforms” for ECS (or EKS). Run containers without managing EC2 instances.

※It's important to understand how to choose between ECS on EC2 and Fargate:
  ・ Don't want to manage the server / Highly fluctuating workloads / Small to medium-sized microservices → Fargate is better
  ・ Large-scale and continuously operational / Host-level control is required → ECS on EC2 is better

That's all for this series!
After trying a few of the official AWS practice questions, I think I'll take the exam (once I get back to Japan)!
Thank you for reading!
