AWS SAA Exam Concepts: Q&A Guide, Exams of Computer Science

A compilation of questions and answers related to AWS (Amazon Web Services) Solutions Architect Associate (SAA) exam concepts. It covers key topics such as Regions, Availability Zones (AZs), IAM (Identity and Access Management), EC2 (Elastic Compute Cloud), EBS (Elastic Block Storage), and more. This guide is designed to help individuals preparing for the AWS SAA exam by providing clear explanations and definitions of essential AWS concepts, instance types, security measures, and purchasing options. It also includes information on IAM security tools, best practices, and various EC2 features like security groups, Instance Connect, and placement groups. The content is structured to facilitate understanding and retention of critical information for exam success.

Typology: Exams

2025/2026

Available from 11/23/2025

KattyJennifer-1
AWS SAA Exam (Concepts) Questions and Answers Rated A

Region - - Regions in AWS refer to geographical locations around the world where AWS data centers are located. Each region is a separate geographic area that consists of multiple availability zones. AWS regions allow users to deploy resources close to their end-users or in specific geographic locations for compliance purposes.

AZ - - Availability Zones (AZs) in AWS are isolated locations within a region for fault tolerance. They provide redundancy and scalability by ensuring resources are spread across multiple data centers. AZs enable high availability, fault isolation, load balancing, disaster recovery, and compliance with data residency requirements.

IAM - - IAM (Identity and Access Management) is AWS's service for securely managing user access to resources. It controls permissions, supports auditing, and integrates with other AWS services.

IAM Users - - Individuals or services granted access to AWS resources. Managed via IAM, users have credentials and defined permissions. They can belong to groups for easier management, and their access can be controlled and monitored through policies for security and compliance.

IAM Groups - - Groups allow for easier management of permissions by assigning policies to multiple users simultaneously. This simplifies access control and ensures consistency across users with similar roles or responsibilities.

IAM Policies - - JSON documents defining permissions for IAM users, groups, or roles. They specify what actions can be performed on which resources. Policies can be attached to identities or resources, allowing fine-grained access control and security management within AWS.

IAM MFA - - An extra layer of security for IAM users, requiring an additional verification step beyond username and password, typically a temporary code from a physical or virtual device. MFA strengthens account protection against unauthorized access.

Access Keys - - Credentials used by applications or users to access AWS services programmatically. Consists of an access key ID and a secret access key. Access keys are essential for authentication in API requests and should be kept secure.

SDKs - - Tools and libraries provided by AWS for developing applications that interact with AWS services. SDKs are available in multiple programming languages, facilitating seamless integration and simplifying the process of building, deploying, and managing applications on AWS.

CLI - - A unified tool for managing AWS services from the command line. It provides a set of commands for performing tasks such as managing resources, configuring services, and automating workflows. The AWS CLI offers flexibility and efficiency in interacting with AWS services programmatically.

AWS Cloudshell - - A browser-based, interactive shell environment provided by AWS. It offers a command-line interface pre-configured with AWS CLI and other tools, enabling users to manage AWS resources directly from the browser without needing to install or configure additional software.

IAM Roles for AWS Services - - IAM entities with temporary credentials that AWS services assume to perform actions on your behalf. These roles enable secure access and simplify permissions management for services like Lambda, EC2, and others, enhancing security and reducing the need for long-term credentials.

IAM Security Tools - - AWS services and features used to enhance the security of IAM (Identity and Access Management). These tools include IAM Access Analyzer, IAM Policy Simulator, and IAM Credentials Report, providing insights, simulations, and monitoring to help secure IAM configurations and permissions effectively.

IAM Best Practices - - These practices include implementing the principle of least privilege, regularly reviewing and auditing permissions, enabling MFA, using IAM roles for temporary access, and leveraging IAM policies and groups for centralized management and consistency.

EC2 - - A web service that provides resizable compute capacity in the cloud. It allows users to launch virtual servers (instances) and scale capacity up or down as needed. EC2 instances can be used for a variety of computing tasks, from hosting websites to running complex applications.

EC2 User Data - - A feature allowing users to pass metadata to EC2 instances during launch. This data can be scripts, commands, or configuration files, enabling automated setup and customization of instances. Useful for tasks such as software installation, configuration, and bootstrapping.

EC2 instance types - -
• t3.micro: Entry-level instance suitable for low-traffic applications and testing.
• m5.large: General-purpose instance offering balanced compute, memory, and networking resources.
• c5.xlarge: Compute-optimized instance designed for CPU-intensive workloads.
• r5.large: Memory-optimized instance optimized for memory-intensive applications and databases.
• p3.2xlarge: GPU-accelerated instance ideal for machine learning and graphics processing tasks.

Security Groups (EC2) - - Virtual firewalls controlling inbound and outbound traffic for EC2 instances and other AWS resources. They act as a fundamental layer of security, allowing users to define rules that permit or deny specific types of traffic based on protocols, ports, and IP ranges.

Common EC2 Ports - -
• SSH (Secure Shell): Port 22
• FTP (File Transfer Protocol): Port 21
• SFTP (SSH File Transfer Protocol): Port 22 (uses SSH)
• HTTP (Hypertext Transfer Protocol): Port 80

EC2 Instance Connect - - A feature allowing users to securely access EC2 instances using the AWS Management Console or CLI without needing to manage SSH keys manually. It leverages IAM policies for fine-grained control over who can access instances, enhancing security and simplifying access management.

in the AWS cloud.

EBS Snapshots - - Point-in-time backups of Amazon EBS volumes. They capture the data stored on the volume and are stored in Amazon S3, providing a cost-effective way to create backups, replicate data across regions, and restore volumes to a previous state in case of data loss or corruption.

AMI - - A template that contains the configuration, operating system, software, and data necessary to launch EC2 instances. AMIs are used to instantiate virtual servers in the AWS cloud and can be customized, shared, and version-controlled to meet specific application requirements.

EC2 Instance Store - - Temporary block storage directly attached to EC2 instances. Instance store volumes offer high-performance, low-latency storage suited for temporary data, cache storage, and scratch space. However, data stored on instance store volumes is lost when the instance is stopped or terminated.

EBS Volume Types - -
• General Purpose (SSD): Balanced performance for a wide range of workloads.
• Provisioned IOPS (SSD): High-performance SSD volumes for I/O-intensive applications.
• Throughput Optimized (HDD): Low-cost HDD volumes designed for frequently accessed, throughput-intensive workloads.
• Cold HDD: Lowest-cost HDD volumes for infrequently accessed data.
• Magnetic (Standard): Legacy magnetic volumes offering a baseline performance level at the lowest cost.

EBS Multi-Attach - - A feature allowing a single EBS volume to be attached to multiple EC2 instances simultaneously. It enables shared access to data across multiple instances, facilitating clustered and distributed applications that require concurrent read and write access to a shared storage volume.

EBS Encryption - - A feature providing data-at-rest encryption for Amazon EBS volumes. It encrypts data stored on EBS volumes using AWS-managed keys or customer-managed keys (CMKs) for enhanced security and compliance with data protection standards. EBS encryption helps safeguard sensitive data and prevent unauthorized access.

Amazon EFS - - A scalable, fully managed file storage service for AWS cloud services and on-premises resources. It provides shared file storage accessible from multiple EC2 instances and supports NFSv4 protocol. EFS automatically scales storage capacity and throughput as needed, making it suitable for a wide range of use cases, including content repositories, data sharing, and application storage.

EFS vs. EBS - -
• EFS (Elastic File System): Shared, scalable file storage for multiple EC2 instances via NFS. Suitable for scenarios requiring shared access across instances, scalability, and elasticity without managing storage provisioning.
• EBS (Elastic Block Store): Block-level storage volumes attached to individual EC2 instances. Ideal for applications needing low-latency, high-performance storage with persistence and fine-grained control over volume configuration.

High Availability - - A system design approach aiming to minimize downtime by ensuring continuous operation and accessibility of services. It involves redundancy, fault tolerance, and automated failover mechanisms to mitigate single points of failure and maintain service availability during planned maintenance or unexpected failures.

Scalability - - The ability of a system to handle increasing workload by adapting its capacity without sacrificing performance. It can be achieved through horizontal scaling (adding more instances) or vertical scaling (increasing the resources of existing instances). Scalability ensures that a system can accommodate growth in demand efficiently while maintaining optimal performance and availability.

ELB - - A service that automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, and IP addresses. ELB enhances the availability and fault tolerance of applications by evenly distributing traffic and seamlessly routing requests to healthy targets, ensuring high performance and reliability.

ALB - - A type of Elastic Load Balancer (ELB) that operates at the application layer (Layer 7) of the OSI model, allowing intelligent routing decisions based on content. ALB supports multiple protocols, including HTTP, HTTPS, and WebSocket, and provides advanced features like content-based routing, SSL offloading, and containerized application support. It's ideal for modern web applications and microservices architectures.

Network Load Balancer - - A type of Elastic Load Balancer (ELB) that operates at the transport layer (Layer 4) of the OSI model, routing traffic based on IP protocol data. NLB is designed to handle high-throughput, low-latency networking use cases, such as TCP and UDP traffic, and is optimized for extreme performance and scalability. It's suitable for scenarios requiring ultra-high availability and scalability, such as high-traffic websites and microservices architectures.

Gateway Load Balancer - - A type of load balancer designed to manage traffic to third-party virtual appliances (VAs) like firewalls, intrusion detection systems (IDS), and deep packet inspection (DPI) systems. It routes traffic to and from multiple VAs, helping to scale network security and inspection capabilities while maintaining high availability and reliability.

ELB Sticky Sessions - - A feature that enables the load balancer to route subsequent requests from the same client to the same target instance, based on session affinity. Sticky sessions help maintain session state for applications that require it, such as those using cookies or other session-based mechanisms, ensuring consistent user experience and avoiding disruptions due to session changes between requests.

Cross Zone Load Balancing - - A feature that evenly distributes incoming traffic across all healthy instances in all availability zones enabled for the load balancer. This ensures that each instance receives a balanced load regardless of the availability zone it resides in, optimizing performance and resource utilization across the entire fleet of instances.

SSL certificates - - Certificates used to encrypt HTTPS traffic between clients and the load balancer, ensuring secure communication. ELB supports both AWS-managed certificates and custom SSL certificates uploaded to the AWS Certificate Manager (ACM). SSL certificates help protect sensitive data transmitted over the internet and establish trust between clients and

scalability, availability, and security for applications using Amazon RDS databases. RDS Proxy manages database connections, automatically scales to handle fluctuating workloads, and provides features like connection pooling, read/write splitting, and IAM authentication. It enhances database performance and resilience while simplifying application development and management.

Elasticache - - A fully managed in-memory caching service by AWS that supports popular caching engines such as Redis and Memcached. ElastiCache improves application performance by storing frequently accessed data in-memory, reducing latency and relieving the load on backend databases. It's ideal for use cases requiring low-latency data access and high throughput, such as web applications, session management, and real-time analytics.

DNS - - A decentralized naming system for computers, services, or any resource connected to the Internet. It translates domain names (like example.com) to IP addresses and vice versa, enabling users to access websites and other online services using human-readable domain names instead of numerical IP addresses. DNS plays a crucial role in internet communication and navigation.

    • Amazon Route 53 is a scalable and highly available Domain Name System (DNS) web service provided by AWS. It enables developers to manage DNS routing for their domains, including domain registration, DNS routing, health checking, and traffic management. Route 53 is designed to ensure low-latency, reliable, and efficient domain resolution for end-users accessing web applications and services.

Route 53 -- TTL - - A setting that specifies the amount of time DNS resolvers should cache DNS records before querying the authoritative DNS servers again. TTL values are configured at the DNS record level in Route 53 and help control how quickly changes to DNS records propagate across the internet. Shorter TTL values result in faster DNS record updates but may increase DNS query volume and latency.

CNAME - - A type of DNS record that maps an alias (or canonical name) to another domain name. CNAME records are useful for creating aliases for specific domains or subdomains, but they cannot be used for the root domain (apex) or other DNS record types like SOA or NS records.

Alias - - A Route 53-specific feature that functions similarly to a CNAME record but with some important differences. Alias records can be used for the root domain (apex) and other DNS record types, and they work seamlessly with other AWS resources like CloudFront distributions, S3 buckets, Elastic Load Balancers, and CloudFront distributions. Alias records are resolved by Route 53 at the time of DNS resolution, resulting in faster response times and better performance compared to CNAME records.

Routing policy - - A configuration setting in Amazon Route 53 that determines how DNS queries are routed to your resources.

Simple Routing - - Routes traffic to a single resource, such as an IP address or a domain.

Weighted Routing - - Distributes traffic across multiple resources based on assigned weights, allowing you to control the proportion of traffic sent to each resource.

Latency based routing - - Routes traffic to the resource with the lowest latency for the end user, based on their geographic location.

Failover routing - - Routes traffic to a standby resource if the primary resource is unhealthy.

Geolocation Routing - - Routes traffic based on the geographic location of the request, directing users to the nearest resources.

Multivalue Answer Routing - - Returns multiple healthy records for a single DNS query, allowing clients to choose which resource to connect to.

Route 53 Health Checks - - A feature in Amazon Route 53 that monitors the health and availability of endpoints, such as web servers, load balancers, and other resources. Health checks periodically send requests to endpoints and evaluate the responses to determine their health status. Route 53 Health Checks can be configured with various parameters, including endpoint type, request protocol, response code verification, and failure threshold. They help ensure high availability and reliability by automatically routing traffic away from unhealthy endpoints.

Amazon S3 - - A scalable object storage service provided by AWS. S3 allows users to store and retrieve any amount of data, making it suitable for a wide range of use cases such as data backup, archival, content distribution, and data lakes. S3 provides high durability, availability, and scalability, along with features like versioning, encryption, and lifecycle management for managing data effectively.

S3 Bucket Policy - - A JSON-based access policy applied to an S3 bucket, defining permissions for accessing and manipulating objects within the bucket. Bucket policies are used to control access at the bucket level and can specify rules for different operations, such as read, write, and delete. They allow fine-grained control over who can access the bucket and under what conditions, including specifying IP addresses, VPC endpoints, or IAM roles.

S3 Website - - A feature of Amazon S3 that allows users to host static websites directly from S3 buckets. By configuring a bucket for static website hosting and setting the appropriate permissions, users can serve HTML, CSS, JavaScript, and other static files to web visitors. S3 Website hosting is cost-effective, highly scalable, and integrates seamlessly with other AWS services like Route 53 for DNS management and CloudFront for content delivery.

S3 Versioning - - A feature of Amazon S3 that allows users to keep multiple versions of an object in the same bucket. With versioning enabled, S3 stores every version of an object when it is overwritten or deleted, providing a history of changes and enabling users to recover previous versions if needed. Versioning helps protect data from accidental deletion or overwrites and supports data retention and compliance requirements.

S3 Replication - - A feature of Amazon S3 that automatically replicates objects from one S3 bucket to another in the same or different AWS region. S3 replication helps ensure data durability, availability, and compliance by maintaining identical copies of objects across

them locally, S3 Select allows users to apply filters and projections directly on the data stored in S3, reducing data transfer costs and improving query performance. This feature is particularly useful for querying large datasets stored in S3 using familiar SQL syntax.

S3 Batch Operations - - A feature of Amazon S3 that enables users to perform large-scale, parallel data processing tasks on objects stored in S3. With S3 Batch Operations, users can automate tasks such as copying, tagging, encrypting, or deleting millions of objects with a single request, significantly reducing the time and effort required for data management tasks. This feature is ideal for scenarios requiring bulk operations on large datasets, such as data migrations, data lake management, and data archival.

S3 Encryption - -
• Server-Side Encryption (SSE): S3 manages encryption keys and encrypts objects before saving them to disk. SSE supports SSE-S3 (using AES-256 encryption), SSE-KMS (using AWS Key Management Service), and SSE-C (using customer-provided keys).
• Client-Side Encryption: Users encrypt data before uploading it to S3 and manage the encryption keys themselves. S3 stores the encrypted data without accessing the encryption keys.

S3 CORS - - A configuration setting in Amazon S3 that controls how web browsers allow web applications to access resources from different origins. By enabling CORS on S3 buckets, you can specify which origins are allowed to access resources in the bucket, as well as which HTTP methods and headers are permitted for cross-origin requests. This helps ensure secure and controlled access to S3 resources from web applications hosted on different domains.

S3 MFA Delete - - A feature of Amazon S3 that adds an extra layer of security to bucket deletion by requiring multi-factor authentication (MFA) to permanently delete objects or suspend versioning on a bucket. When enabled, MFA Delete prevents accidental or unauthorized deletion of objects by requiring users to provide a valid MFA code in addition to their regular credentials. This helps protect data integrity and prevents data loss due to unauthorized actions.

S3 Default Encryption - - A feature of Amazon S3 that allows users to specify a default encryption configuration for objects stored in a bucket. When enabled, S3 automatically encrypts all new objects uploaded to the bucket using the specified encryption method, such as Server-Side Encryption with AWS Key Management Service (SSE-KMS) or Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3). This helps ensure that all data stored in the bucket is encrypted by default, providing an additional layer of security and compliance with data protection standards.

S3 Access Logs - - A feature of Amazon S3 that allows users to log requests made to S3 buckets. When enabled, S3 Access Logs capture detailed information about every request, including the requester's IP address, the time of the request, the requested resource, and the response status. These logs are useful for monitoring and auditing access to S3 buckets, analyzing usage patterns, troubleshooting issues, and maintaining compliance with security and regulatory requirements.

S3 Pre-signed URLs - - Temporary URLs generated by Amazon S3 that grant time-limited access to specific objects in a bucket. Pre-signed URLs are signed using cryptographic signatures and can be used to provide temporary access to private objects without requiring users to have AWS credentials. They are commonly used for sharing private content securely, enabling temporary downloads/uploads, and providing time-limited access to resources for authorized users or applications.

Glacier Vault Lock - - A feature of Amazon Glacier that enables users to enforce compliance controls on their data archives by implementing a write-once-read-many (WORM) model. Once enabled, Vault Lock prevents the modification or deletion of archive data for a specified retention period, ensuring data immutability and compliance with regulatory requirements. This feature helps protect data integrity and provides assurance that archived data remains unchanged and tamper-proof for the defined retention period.

S3 Object Lock - - A feature of Amazon S3 that allows users to implement a write-once-read-many (WORM) model for individual objects stored in a bucket. Object Lock can be configured in either Governance mode or Compliance mode, providing varying levels of retention control and protection against object deletion or modification. This feature helps enforce data retention policies, ensure data immutability, and comply with regulatory requirements for data governance and compliance.

S3 Access points - - A feature of Amazon S3 that simplifies managing access to shared data sets stored in S3 buckets. Access Points act as unique hostnames for S3 buckets and allow users to define access policies and permissions specific to each access point. They enable finer-grained access control and simplify access management for shared data, making it easier to securely share data with multiple users, applications, or AWS accounts. Access Points support features like VPC endpoint policies, bucket policies, and access logging to enhance security and compliance.

S3 Object Lambda - - A feature that allows users to run custom code on S3 objects before returning them to an application. Object Lambda functions can modify or transform object data dynamically, enabling use cases such as on-the-fly data encryption, format conversion, or content augmentation. This feature provides flexibility and efficiency in processing S3 object data directly within the S3 service.

Cloudfront - - Amazon CloudFront is a content delivery network (CDN) service provided by AWS. It delivers content, including web pages, videos, and APIs, to users globally with low latency and high transfer speeds. CloudFront caches content at edge locations worldwide, reducing latency and offloading origin servers. It's commonly used to accelerate website delivery, distribute video content, and improve the performance of web applications.

Cloudfront Georestriction - - A feature allowing users to restrict access to content distributed via Amazon CloudFront based on the geographic location of the viewer. Georestriction enables users to specify countries or geographic regions from which content can be accessed or denied, helping enforce content licensing agreements, comply with regulatory requirements, or restrict access to sensitive content.

Cloudfront price classes - - Price Class All Edge Locations: Includes all CloudFront edge locations worldwide, offering the highest performance and lowest latency but with

• Amazon EBS: Hosting databases (e.g., MySQL, PostgreSQL), running applications requiring persistent storage (e.g., content management systems).
• Amazon EFS: Shared storage for containers and applications running on multiple EC2 instances, content repositories for development teams.
• Amazon Glacier: Long-term data archiving and backup, compliance and regulatory data retention, cold storage for infrequently accessed data.
• AWS Storage Gateway: Integrating on-premises storage with AWS services, disaster recovery for on-premises data, hybrid cloud storage solutions.

SQS - - Amazon SQS (Simple Queue Service): A fully managed message queuing service that enables decoupling of components within distributed systems. Use cases:
• Asynchronous Communication: Decouple components in distributed systems to improve fault tolerance and scalability.
• Batch Processing: Queue work items for batch processing to optimize resource utilization.
• Buffering: Temporarily store messages during system spikes to prevent overload.
• Distributed Systems: Coordinate work across multiple components or microservices in a distributed architecture.

SQS - Message visibility timeout - - The duration during which a message received from an Amazon SQS queue is invisible to other consumers after being retrieved by one consumer. This prevents other consumers from processing the same message simultaneously. If the message processing is not completed within the visibility timeout, it becomes visible again and can be processed by another consumer. Adjusting the visibility timeout ensures that messages are processed reliably and efficiently.

SQS Polling - - A feature of Amazon SQS that reduces the number of empty responses by allowing consumers to wait for messages to arrive in an SQS queue before returning a response. Long polling enables efficient use of resources by reducing the number of requests made to SQS, especially in scenarios with infrequent message arrivals. This helps minimize costs and improve the responsiveness of message processing applications.

SQS -- FIFO Queues - - Amazon SQS queues that provide strict message ordering and exactly-once processing. FIFO (First-In-First-Out) queues ensure that messages are delivered and processed in the exact order they were sent, and each message is processed only once. This is crucial for applications requiring sequential processing or when maintaining the order of operations is important, such as financial transactions or workflow management systems.

Amazon SNS - - A fully managed messaging service that enables the pub/sub (publish/subscribe) messaging pattern. Use cases:
• Push Notifications: Send notifications to mobile devices, email addresses, or other endpoints.
• Event-driven Architecture: Trigger actions in response to events, such as system alerts or application events.
• Fanout Messaging: Broadcast messages to multiple subscribers, such as updating multiple microservices with the same data.
• Application Decoupling: Decouple components in distributed systems to improve fault tolerance and scalability.

SNS + SQS Fan out Pattern - - The SNS and SQS Fan-out pattern involves using Amazon SNS to distribute messages to multiple SQS queues, allowing for parallel processing of the same message by different components or services. Benefits:
• Parallel Processing: Messages can be processed concurrently by multiple consumers, improving throughput and reducing latency.
• Fault Isolation: Each SQS queue and its associated consumers operate independently, providing fault isolation and resilience.
• Scalability: Additional SQS queues can be added to handle increased message volume, allowing for horizontal scaling.

Amazon Kinesis - - A platform for collecting, processing, and analyzing real-time streaming data at scale. Use cases:
• Real-time Analytics: Analyze and gain insights from streaming data in real-time, such as website clickstreams or IoT sensor data.
• Data Ingestion: Ingest large volumes of data from various sources, such as logs, social media feeds, or financial transactions.
• Data Transformation: Transform and enrich streaming data using AWS Lambda or other processing services.
• Machine Learning: Build and train machine learning models using real-time data streams for predictive analytics or anomaly detection.

Kinesis Data Streams - - A service for real-time processing of streaming data at scale. Use cases:
• Real-time Analytics: Process and analyze high-volume data streams in real-time, such as clickstream data or IoT sensor data.
• Log and Event Data Processing: Ingest and analyze logs and events from various sources for monitoring and troubleshooting.
• Data Transformation: Transform, filter, and aggregate data streams before storing or forwarding them to other AWS services.
• Machine Learning: Use real-time data streams to train and update machine learning models for predictive analytics or anomaly detection.

Kinesis Data Firehose - - A fully managed service for ingesting, transforming, and loading streaming data into AWS data stores and analytics services. Use cases:
• Data Lake Ingestion: Ingest streaming data into Amazon S3 for building data lakes and analytics.
• Real-time Data Warehousing: Load streaming data into Amazon Redshift for real-time analytics and reporting.
• Log and Event Data Processing: Collect and process logs, events, and clickstream data for monitoring and analysis.
• Serverless Data Transformation: Transform streaming data using AWS Lambda before loading it into target destinations.

Kinesis Data Analytics - - A service for analyzing streaming data in real-time using SQL or Apache Flink. Use cases:
• Real-time Insights: Analyze streaming data from various sources, such as IoT sensors or clickstreams, to gain insights and make timely decisions.
• Anomaly Detection: Detect anomalies or patterns in real-time data streams for monitoring and alerting.
• Continuous Aggregation: Perform continuous aggregations, such as calculating averages or counts, on streaming data for reporting and dashboarding.
• Real-time ETL: Transform and enrich streaming data before storing it in data lakes or data warehouses.

Data Ordering for Kinesis vs. SQS FIFO - - Kinesis Data Streams: Ordering: Maintains per-shard ordering, guaranteeing that data records within the same shard are processed in order.

infrastructure management. Supports automatic scaling, load balancing, and continuous deployment from source code or container images. Ideal for developers seeking a streamlined deployment experience for web applications.

Serverless architecture - - A cloud computing model where cloud providers dynamically manage server provisioning, scaling, and maintenance. Developers focus on writing and deploying code without worrying about server management. It offers cost efficiency, scalability, and rapid development, making it ideal for event-driven, stateless applications and microservices. Popular serverless platforms include AWS Lambda, Azure Functions, and Google Cloud Functions.

Lambda function - - AWS Lambda is a serverless compute service allowing you to run code in response to events without provisioning or managing servers. Lambda functions can be triggered by various AWS services or custom events, enabling scalable and cost-effective execution of code for tasks such as data processing, backend APIs, and automation.

Lambda limitations - - AWS Lambda imposes various limits to ensure service reliability and prevent abuse. Common limits include maximum function duration, memory allocation, and concurrent executions. Additional limits may apply to deployment package size, environment variables, and execution frequency. Monitoring these limits helps optimize resource utilization and avoid service disruptions.
Maximum Function Duration: Default maximum execution time per invocation is 15 minutes.
Memory Allocation: Range from 128 MB to 10,240 MB (10 GB) in 64 MB increments.
Concurrent Executions: Default is 1, concurrent executions per account per region.
Deployment Package Size: 50 MB (compressed) and 250 MB (uncompressed).
Environment Variables: Limited to 4 KB in size.
Execution Frequency: No hard limit, but there are practical constraints based on concurrent executions and invocation rates.

Lambda SnapStart - - A feature that enables faster cold starts for AWS Lambda functions by reusing previous execution environments. It reduces initialization time and improves performance for functions with intermittent or infrequent invocations. SnapStart optimizes resource allocation and enhances user experience, especially for latency-sensitive workloads or applications with sporadic usage patterns.

Lambda@Edge - - A feature of AWS Lambda that allows you to run code closer to end-users by deploying functions to AWS's network of edge locations, which are distributed globally and integrated with Amazon CloudFront. Use cases: Edge Computing: Perform compute-intensive tasks such as image optimization or dynamic content generation at edge locations. Content Personalization: Customize web content based on user location or device characteristics. Security: Implement custom security and access control logic closer to users to mitigate attacks or enforce compliance. Real-time Processing: Process and manipulate HTTP requests and responses in real-time, enabling dynamic routing, caching, or redirect rules.

Lambda in VPC - - Lambda in VPC (Virtual Private Cloud): Allows AWS Lambda functions to access resources within a VPC, such as EC2 instances, RDS databases, or ElastiCache clusters, by placing them in a specified subnet. Use cases: Access Private Resources: Access databases, internal APIs, or other resources within a VPC securely. Secure Connectivity: Connect Lambda functions to private resources without exposing them to the public internet. Hybrid Architectures: Integrate Lambda with on-premises systems or VPN-connected resources within a VPC. Compliance: Meet regulatory requirements by ensuring data processing occurs within a controlled network environment.

DynamoDB - - A fully managed NoSQL database service by AWS, offering seamless scalability, low latency, and high availability. Use cases: Web Applications: Store user profiles, session data, and product catalogs with high performance. Gaming: Manage player data, game state, and leaderboards for multiplayer and online games. IoT: Handle massive volumes of data from IoT devices, sensors, and telemetry streams. Ad Tech: Store and process ad impressions, user behavior data, and campaign analytics in real-time.

DynamoDB Advanced Features - -
Fully Managed: No server management required; AWS handles provisioning, scaling, and maintenance.
Scalable: Dynamically scales to accommodate any workload with virtually unlimited storage and throughput.
Highly Available: Offers built-in multi-region replication and automatic failover for continuous availability.
Flexible Data Model: Supports both document and key-value data models, enabling versatile data storage.
Consistent Performance: Delivers single-digit millisecond latency for reads and writes, regardless of data volume.
Global Tables: Replicates data across multiple AWS regions for low-latency access and disaster recovery.
Streams: Captures changes to DynamoDB tables in near real-time for processing and analysis.
Security: Provides encryption at rest and in transit, fine-grained access control with IAM, and VPC isolation.

API Gateway - - A fully managed service that enables developers to create, publish, maintain, monitor, and secure APIs at any scale. Use cases: Microservices: Expose microservices as APIs for easy consumption by clients. Serverless: Connect AWS Lambda functions to HTTP endpoints for serverless API backends. Mobile Backends: Build RESTful APIs for mobile applications to access backend services. Integration: Integrate with backend systems, such as AWS services or on-premises applications. Third-Party Integration: Expose APIs for third-party developers to access your services.

Step Functions - - A serverless orchestration service that enables you to coordinate multiple AWS services into serverless workflows. Use cases: Workflow Automation: Automate business processes by defining workflows that execute sequentially or in parallel. Microservices Orchestration: Coordinate interactions between microservices in distributed systems. Data Processing: Create data processing pipelines with AWS services like Lambda, S3, and DynamoDB. State Machine: Define state machines to manage the execution flow and handle errors gracefully. Application Integration: Integrate and coordinate interactions between AWS services and external systems.

popular graph query languages like SPARQL and Gremlin, Neptune enables efficient data modeling and traversal for use cases such as social networks, recommendation engines, and knowledge graphs. It offers scalability, durability, and high availability, making it suitable for complex graph-based applications.

Keyspaces - - Amazon Keyspaces is a fully managed, serverless, scalable NoSQL database service compatible with Apache Cassandra. It offers high availability, durability, and consistent performance for applications requiring flexible data models and seamless scalability. Keyspaces simplifies database management tasks like provisioning, scaling, and maintenance, allowing developers to focus on building applications without worrying about infrastructure management.

QLDB - - A fully managed, serverless ledger database service by AWS. QLDB provides a transparent, immutable, and cryptographically verifiable transaction log, enabling secure and auditable data storage. It's suitable for applications requiring a trusted and centralized ledger for tracking changes to data, such as financial systems, supply chain management, and compliance auditing. QLDB offers scalability, durability, and built-in query capabilities for efficient data access and analysis.

Timestream - - A fully managed time-series database service by AWS, designed for storing and analyzing time-series data at scale. Timestream offers automatic scaling, high availability, and durability, making it suitable for IoT, DevOps, and industrial telemetry applications. It provides built-in time-series functions, compression, and retention policies, simplifying data management and analysis for real-time and historical insights.

Athena - - A serverless interactive query service by AWS, enabling querying of data in Amazon S3 using standard SQL. Athena supports various file formats like CSV, JSON, and Parquet, making it suitable for ad-hoc analysis, log analysis, and data exploration. It offers scalability, flexibility, and cost-effectiveness, with pay-per-query pricing and no infrastructure to manage.

Redshift - - A fully managed data warehousing service by AWS, designed for analytics and reporting at scale. Redshift offers high-performance querying of large datasets using SQL, with petabyte-scale data storage and automatic scaling capabilities. It's ideal for data warehousing, data lake integration, and business intelligence applications, providing fast query performance, concurrency, and cost-effectiveness.

OpenSearch - - OpenSearch: A distributed, open-source search and analytics engine derived from Elasticsearch. It offers scalable, real-time search and analysis capabilities for various use cases, including log analytics, full-text search, and application monitoring. OpenSearch provides features like indexing, querying, and visualization, enabling developers to build robust search applications with ease. It's highly customizable and integrates seamlessly with other AWS services for enhanced functionality.

EMR - - A fully managed big data platform by AWS, facilitating easy processing and analysis of large datasets using popular frameworks like Apache Hadoop, Spark, and HBase. EMR offers scalability, flexibility, and cost-effectiveness, enabling businesses to run diverse workloads such as batch processing, machine learning, and real-time analytics. It simplifies cluster provisioning, configuration, and management, allowing users to focus on data analysis rather than infrastructure management.

QuickSight - - A fully managed business intelligence (BI) service by AWS, enabling users to create interactive dashboards and visualizations from various data sources. QuickSight offers features like ad-hoc analysis, embedded analytics, and machine learning-powered insights. It's scalable, cost-effective, and integrates seamlessly with AWS data services, making it suitable for organizations of all sizes to derive actionable insights from their data.

Glue - - A fully managed extract, transform, and load (ETL) service that makes it easy to prepare and load data for analytics. Glue automatically discovers, catalogs, and transforms data stored in AWS data lakes or data warehouses, allowing users to focus on analytics rather than infrastructure management. It supports various data formats and integrates with other AWS services for seamless data processing workflows.

Lake Formation - - A fully managed service for building, securing, and managing data lakes in the cloud. It simplifies the process of setting up and managing data lakes by automating tasks such as data ingestion, cataloging, and access control. Lake Formation integrates with other AWS services like S3, Glue, and Athena to provide a comprehensive solution for data lake management and analytics.

MSK - - A fully managed service by AWS for building and running Apache Kafka-based applications. It provides scalability, durability, and high availability for streaming data workloads, enabling real-time data processing and analytics. MSK automates cluster provisioning, monitoring, and maintenance, allowing developers to focus on building applications rather than managing infrastructure.

Big Data Ingestion Pipeline - - A data architecture that enables the automated collection, processing, and storage of large volumes of data from diverse sources. It typically involves components such as data ingestion, transformation, and loading into a data lake or warehouse. Technologies like Apache Kafka, AWS Kinesis, and Apache NiFi are commonly used for building robust and scalable ingestion pipelines.

Rekognition - - A machine learning service provided by AWS for image and video analysis. Rekognition offers capabilities such as object detection, facial recognition, text recognition, and content moderation. It enables developers to integrate advanced computer vision features into their applications easily, making it suitable for use cases like security surveillance, content moderation, and personalized user experiences.

Transcribe - - An AWS service for automatic speech recognition (ASR), converting spoken language into text. Transcribe supports various audio formats and languages, offering accurate and customizable transcription for a wide range of use cases. It's suitable for tasks like transcribing customer service calls, generating subtitles for videos, and enabling voice-driven applications.

Polly - - A text-to-speech (TTS) service provided by AWS. It enables developers to convert text into lifelike speech using advanced deep learning techniques. Polly supports multiple languages and voices, offering customizable pronunciation and speaking styles. It's suitable for applications like voice-enabled interfaces,