-
Code deploy lifecycles
Lifecycle event hook availability The following table lists the lifecycle event hooks available for each deployment and rollback scenario. Lifecycle event name Auto Scaling launch deployment¹ Auto Scaling termination deployment¹ In-place deployment² Blue/green deployment: Original instances Blue/green deployment: Replacement instances Blue/green deployment rollback: Original instances Blue/green deployment rollback: Replacement instances ApplicationStop ✓ ✓ ✓ ✓…
-
CodeDeploy deployment types
Here’s a summary table of AWS CodeDeploy deployment options, categorized by platform and type: AWS CodeDeploy Deployment Options Table Platform Deployment Type Deployment Config (Examples) Traffic Shifting Rollback Support EC2/On-Premises In-Place CodeDeployDefault.AllAtOnce, HalfAtATime, OneAtATime ❌ No traffic shifting ✅ Yes Blue/Green Custom configs (e.g., batches) ✅ Route traffic to new instances ✅ Yes Lambda Blue/Green…
-
Lambda: Reserved concurrency vs provisioned
AWS Lambda offers two primary concurrency controls—reserved concurrency and provisioned concurrency—each serving distinct purposes. Here’s a detailed comparison to help you understand their differences and use cases (AWS Documentation): 🔹 Reserved Concurrency Purpose: Guarantees a specific number of concurrent executions for a function, ensuring it has dedicated capacity. Key Characteristics: Use Cases: Example: 🔹 Provisioned Concurrency…
-
Deployment types
Here’s a comparison of Blue-Green Deployment, Canary Deployment, and A/B Testing: 1. Blue-Green Deployment Concept: You maintain two identical environments — one is the current live environment (Blue), and the other is where you deploy the new version (Green). Once tested, you switch all traffic to Green. Key Characteristics: Feature Description…
-
KMS
Automatic Key Rotation in KMS 1. Customer-Managed KMS Keys (CMKs) Example using AWS CLI: 2. Asymmetric KMS Keys AWS-Managed Keys (such as those used by S3, EBS, etc.) Notes
-
Kinesis family
Comparison of Kinesis Data Streams, Kinesis Data Analytics, and Kinesis Data Firehose — all three are part of the AWS Kinesis family, but they serve distinct purposes in a streaming data pipeline. Kinesis Service Comparison Feature Kinesis Data Streams Kinesis Data Analytics Kinesis Data Firehose Primary Role Real-time data ingestion Real-time processing of streaming data…
-
EKS
Here’s the EKS Control Plane vs. Data Plane comparison: EKS: Control Plane vs. Data Plane Control Plane (Managed by AWS) This is the “brain” of your Kubernetes cluster. In EKS: Components AWS Manages: Data Plane (Managed by You) This is where your actual workloads (pods and containers) run. You have three…
-
SkillBuilder Security and IAM
Use a Deny with no action { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::122610500691:user/john" }, "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::test.test-devops.kitboga.s3" }, { "Sid": "DenyAllOtherActions", "Effect": "Deny", "Principal": { "AWS": "arn:aws:iam::122610500691:user/john" }, "NotAction": "s3:GetObject", "Resource": "arn:aws:s3:::test.test-devops.kitboga.s3/*" } ] } Bob is able to list objects in the bucket. Bob is able to get objects…
-
Auto Scaling termination policies
Here’s an explanation of the Auto Scaling Group (ASG) termination policies: Default Termination Policy If you don’t specify a termination policy, AWS uses the default behavior: Custom Termination Policies You can define a list of termination policies, and AWS will evaluate them in the order you provide. Here are…
-
Notes Analytics
CloudWatch CloudWatch Contributor Insights helps you identify top contributors to patterns in your logs—like the users, IPs, or endpoints generating the most errors or traffic. How it works: You can analyze: Use cases: Benefits: Pricing: Based on number of log events analyzed.
-
Virtual Private Gateway (VGW)
Virtual Private Gateway (VGW) in AWS cannot connect multiple VPCs directly. It is designed to connect a single VPC to an on-premises network over a VPN connection or Direct Connect link. However, there are several ways to achieve connectivity between multiple VPCs, including using a Virtual Private Gateway as part of a larger solution. Here…
-
AWS SkillInfo Resources
Module 1 Common Serverless Use Cases and Patterns Scoping Applications and Services Modern Application Development and Event-Driven Design Module 2 Principals and Identities Managing Multiple Accounts Module 3 Networking Fundamentals IP Addressing VPC Fundamentals VPC Traffic Security Module 4 High Performance Computing AWS Lambda Module 5 Storage Services Amazon S3 Shared File Systems Module 6…
-
Notes SAP-02 IV
Virtual Private Gateway (VGW) in AWS cannot connect multiple VPCs directly. It is designed to connect a single VPC to an on-premises network over a VPN connection or Direct Connect link. However, there are several ways to achieve connectivity between multiple VPCs, including using a Virtual Private Gateway as part of a larger solution. Here…
-
Direct Connect DX
You can use multiple connections to increase available bandwidth. A link aggregation group (LAG) is a logical interface that uses the Link Aggregation Control Protocol (LACP) to aggregate multiple connections at a single AWS Direct Connect endpoint, allowing you to treat them as a single, managed connection. LAGs streamline configuration because the LAG configuration applies…
-
Skill Builder Notes II
Nonrelational database types To learn more, expand each of the following seven categories. Key-value databases– Key-value databases logically store data in a single table. Within the table, the values are associated with a specific key and stored in the form of blob objects without a predefined schema. The values can be of nearly any type. Strengths…
-
Redis and Memcached
Redis vs Memcached: Feature Comparison Feature Redis Memcached Data Types Supports strings, hashes, lists, sets, sorted sets, streams, bitmaps, hyperloglogs Strings only Persistence Yes (RDB snapshots, AOF) No Replication Yes (with automatic failover) No High Availability Yes (Multi-AZ, automatic failover) No Cluster Mode Yes (native support) Partial (manual configuration) Pub/Sub Yes No TTL (Expiration) Yes,…
-
Skill Builder Notes I
Operational Excellence AWS Direct Connect Use a physical, private, and dedicated connection from your on premises location to your AWS environment. You can monitor AWS Direct Connect connections using Amazon CloudWatch to collect and process raw data from AWS Direct Connect into readable, near real-time metrics. You can consolidate these metrics in CloudWatch and build…
-
Aurora built-in replication
Amazon Aurora provides built-in replication as part of its Aurora DB Cluster architecture, which is different from Aurora Read Replicas in terms of how they are implemented and used. Let’s break down the differences between Aurora DB Cluster built-in replication and Aurora Read Replicas: 1. Aurora DB Cluster Built-in Replication Key Benefits of Aurora DB…
-
AWS Transfer Family
AWS Transfer Family is a fully managed service that provides secure file transfer over SFTP, FTPS, and FTP into and out of AWS Amazon S3 or Amazon EFS. It allows businesses to migrate, automate, and scale their file transfer workloads without needing to maintain dedicated file transfer infrastructure. Key Features of AWS Transfer Family Use…
-
S3 Locks
Vault Lock vs. S3 Object Lock Feature Vault Lock (Glacier) S3 Object Lock Applies to Entire Vault Individual Objects Compliance Enforcement Vault-wide Policy Per-object WORM settings Retention Control Time-based Policy Retention periods per object Modification After Locking No changes allowed Object retention settings can be extended 2. Retention Modes S3 Object Lock supports two modes:…
-
Kinesis Firehose
Amazon Kinesis Data Firehose buffer size determines how much data Firehose collects before delivering it to the destination. This affects performance, latency, and cost. 🔹 Key Parameters for Buffering Kinesis Data Firehose buffers data using two settings: Firehose delivers data when either the buffer size is met or the buffer interval expires. Destination Buffer Size…
-
Kinesis Data Streams
In Amazon Kinesis, shards and partitions are terms related to the way data is distributed and processed in Kinesis streams, but they refer to different concepts: Shard: A shard is the basic unit of capacity within an Amazon Kinesis stream. It acts as a container for the stream’s data and is responsible for: Each shard…
-
SNS
AWS SNS Throttling Limits In Amazon Simple Notification Service (SNS), throttling refers to the restriction on the rate at which you can publish or deliver messages. Throttling limits ensure that the service operates efficiently and prevents excessive resource consumption, which could lead to outages or performance degradation. SNS Throttling Limits Overview Here are the primary…
-
ElastiCache II
Scalability
-
RDS Backups
RDS (Amazon Relational Database Service) supports Point-in-Time Recovery (PITR) backups and manual snapshots, each serving different purposes. Here’s how they compare: RDS PITR Backups Manual Backups (Snapshots) When to Use What? Scenario Use PITR Use Manual Snapshots Accidental data loss (e.g., unintended DELETE or DROP command) ✅ ❌ Disaster recovery planning ✅ ✅ Long-term backups…
-
Versioning and Object Lifecycle
Yes, in Amazon S3, you can transition object versions between different storage classes, but the ability to do so depends on the versioning configuration of your bucket. Here are the key points to understand when moving versions between storage classes in Amazon S3: 1. Versioning and Object Lifecycle When versioning is enabled for an S3…
-
Nitro enclaves
AWS Nitro Enclaves Overview AWS Nitro Enclaves is a feature of the AWS Nitro System that allows you to create isolated compute environments within Amazon EC2 instances. These enclaves provide an extra layer of security by ensuring that sensitive data and workloads can be processed in a secure and isolated environment, without the risk of…
-
S3 Object lambda
Amazon S3 Object Lambda is a feature of Amazon Simple Storage Service (S3) that allows you to add your own processing to the data as it is retrieved from an S3 bucket. With S3 Object Lambda, you can customize and modify the content of objects when they are accessed without having to change the objects…
-
S3 consistency
Amazon S3 provides strong read-after-write consistency for all objects, including overwrite PUTS and DELETES. This means that when you write an object or overwrite an existing object, subsequent reads of that object will immediately reflect the latest changes. Here’s a more detailed look at S3 Read-Write Consistency: 1. Read-After-Write Consistency 2. S3 Consistency Model Historically,…
-
ELB Health Checks
ELB Health Checks Overview Amazon Elastic Load Balancer (ELB) health checks are a critical feature that helps ensure traffic is routed only to healthy instances. By performing regular health checks, ELB monitors the state of the targets (EC2 instances) in a target group and ensures that only healthy instances receive traffic. If an instance is…
-
ASG and capacity reservation
Yes, Auto Scaling Groups (ASGs) can integrate with Capacity Reservations in AWS, but it’s important to understand how they work together. How ASG and Capacity Reservations Work Together: Steps to Use ASG with Capacity Reservations: Key Considerations: Example Scenario:
-
S3 Intelligent-Tiering
S3 Intelligent-Tiering access tiers The following section explains the different automatic and optional access tiers. When objects move between access tiers, the storage class remains the same (S3 Intelligent-Tiering). Frequent Access tier (automatic) This is the default access tier that any object created or transitioned to S3 Intelligent-Tiering begins its lifecycle in. An object remains in…
-
Amazon EFS and FSx for Lustre Integration
Amazon EFS can be backed by FSx for Lustre when used together, especially in scenarios where you need to leverage the high-performance capabilities of FSx for Lustre while using EFS for more general-purpose file storage. Here’s how this works: How It Works: Example Use Case: Benefits: Key Points:
-
Spot instances
AWS Spot Instances are a cost-effective way to run applications on Amazon EC2 by taking advantage of unused AWS compute capacity. Spot Instances are available at a significant discount compared to On-Demand Instances (up to 90%), but they come with the tradeoff that AWS can terminate them at any time if the capacity is needed…
-
Spot Fleets
Spot Fleet is a service provided by AWS that helps you manage Spot Instances in a more flexible and scalable way. A Spot Fleet allows you to launch and manage a collection of Spot Instances across multiple instance types, availability zones, and pricing models. It’s designed to ensure that you can meet the desired capacity…
-
ECS Networking
In Amazon ECS (Elastic Container Service), there are three primary network modes that define how containers interact with networking and how their networking is configured. These network modes are bridge, host, and awsvpc. bridge Network Mode (default for EC2 launch type) In bridge mode, containers are connected to a virtual bridge network on the EC2…
-
FSx Details
Amazon FSx is a fully managed service that provides high-performance file systems for use with Amazon Web Services (AWS). It offers a variety of file storage options tailored to different workloads. Here’s an overview of the different types of Amazon FSx: Amazon FSx for Windows File Server Amazon FSx for Lustre Amazon FSx for OpenZFS…
-
EFS Pricing
Key Pricing Components: Storage Costs: Standard Storage: ~$0.30 per GB per month. Infrequent Access (IA) Storage: ~$0.025 per GB per month. Data Transfer Costs: Data Transfer Between EC2 and EFS: Data transfer between EC2 instances and EFS is free within the same Availability Zone. Data Transfer Between AZs: If you use multi-AZ deployment for EFS,…
-
EBS Volume Type comparison
Provisioned IOPS (PIOPS) Volume Type Supports Provisioned IOPS? Max IOPS Best For io1 ✅ Yes 64,000 High-performance databases (MySQL, Oracle, PostgreSQL) io2 ✅ Yes 256,000 Mission-critical applications (SAP HANA, high-throughput databases) gp3 ✅ Yes (Customizable IOPS) 16,000 Cost-effective high-performance workloads gp2 ❌ No (Burstable only) 16,000 (burst) General workloads (web servers, dev/test) st1/sc1 ❌ No…
-
FSR and Multi-Attach
Amazon EBS Fast Snapshot Restore (FSR) Fast Snapshot Restore (FSR) allows you to create low-latency and instant-ready Amazon EBS volumes from snapshots, avoiding the usual initialization delay. Normally, when you restore an EBS volume from a snapshot, it experiences lazy loading, which can cause high latency for the first read operations. FSR eliminates this issue….
-
Reserved Instances
AWS Reserved Instances (RIs) come in two primary types: Standard Reserved Instances and Convertible Reserved Instances. Both offer significant cost savings compared to On-Demand pricing in exchange for committing to a 1- or 3-year term, but they differ in terms of flexibility, usage, and savings. 1. Standard Reserved Instances (RIs) Key Characteristics: Use Case: Pros:…
-
Spot instances requests
When using AWS Spot Instances, you have the option to choose between two types of request behaviors: These two types of requests determine how AWS manages your Spot Instance lifecycle and how they handle interruptions. Let’s look at the differences: 1. One-Time Spot Instance Requests: Description: Key Features: Use Cases: 2. Persistent Spot Instance Requests:…
-
Savings Plans
AWS Savings Plans are a flexible pricing model offered by Amazon Web Services that provide significant cost savings compared to on-demand pricing. Essentially, by committing to a consistent amount of usage for one or three years, you can save up to 72% on certain AWS services. There are two main types of Savings Plans: Key…
-
Networking
AWS provides different types of network interfaces to optimize networking performance based on use cases. The three main network interfaces are Elastic Network Interface (ENI), Elastic Network Adapter (ENA), and Elastic Fabric Adapter (EFA). Here’s a comparison: Feature ENI (Elastic Network Interface) ENA (Elastic Network Adapter) EFA (Elastic Fabric Adapter) Purpose General-purpose networking High-performance networking…
-
Notes for AWS Organizations
Policy Boundary vs SCP Feature IAM Policy Boundary Service Control Policies (SCPs) Scope Applied to individual IAM users/roles Applied to all IAM users/roles within an AWS account or organization Function Defines maximum allowable permissions for a user or role Restricts permissions for all IAM users/roles in an account or organizational unit Granularity Granular, tied to…
-
AWS MGN, AWS DR
Here’s a short comparison table between AWS MGN, AWS DR, and CloudEndure to highlight their key features: Feature AWS MGN (Application Migration Service) AWS DR (Disaster Recovery) CloudEndure (Disaster Recovery) Primary Focus Lift-and-shift migration of workloads to AWS Disaster recovery and failover solutions Disaster recovery with minimal downtime Use Case Migration of physical, virtual, and…
-
AWS DataSync – Transfers types
Supported transfers in the same AWS account DataSync supports transfers between the following storage resources that are associated with the same AWS account. Source (from) Destination (to) NFS SMB HDFS Object storage Amazon S3 (in AWS Regions) Amazon EFS Amazon FSx for Windows File Server FSx for Lustre FSx for OpenZFS FSx for ONTAP Amazon S3 (in…
-
MGN Agent-based vs Agentless
Agent-based vs Agentless: Key Differences Feature Agent-based Migration Agentless Migration Agent Installation Required on each source machine No agent installation Replication Method Block-level replication with detailed data transfer Uses a connector to replicate data Best for Physical servers, VM-based environments (e.g., VMware, Hyper-V) Large VMware environments or where agent installation is impractical Setup Complexity More…
-
AWS Data Transfer Pricing Table
Transfer Type Within Same Region? Pricing Between instances in the same AZ ✅ Yes Free Between instances in different AZs (same region) ✅ Yes $0.01 per GB Between AWS services (S3, RDS, etc.) in the same region ✅ Yes Free (for most cases) Between AWS regions (inter-region transfer) ❌ No $0.02 per GB (varies by…
-
Kinesis Firehose vs Streams
Amazon Kinesis Data Firehose and Amazon Kinesis Data Streams are both part of the Kinesis family of services for handling real-time data streams, but they are designed for different use cases and have distinct characteristics. Here’s a comparison to help clarify their differences: 1. Purpose and Use Cases: 2. Data Processing: 3. Scalability: 4. Data…
-
Notes 3
Org LB Integration Misc
-
IAM Extra
IAM Role for Service Accounts (IRSA) Feature of Amazon EKS (Elastic Kubernetes Service) that allows Kubernetes service accounts to assume IAM roles. This integration enables Kubernetes workloads (like pods) running on EKS to securely interact with AWS services without requiring static AWS credentials (such as access keys or secrets) within the application or pod. With…
-
AWS RAM (Resource Access Manager)
AWS RAM (Resource Access Manager) is a service provided by Amazon Web Services (AWS) that enables customers to share AWS resources across different AWS accounts or within their organization in AWS Organizations. It helps streamline resource management by making it easier to share resources securely with other accounts or organizational units (OUs), reducing the need…
-
Amazon Cognito Pools
Amazon Cognito offers two main components for managing user authentication and identity management: User Pools and Identity Pools. Both are used in different scenarios and have distinct purposes. Here’s a comparison to help clarify the differences between them: Amazon Cognito User Pool: A User Pool is primarily focused on user authentication, and it provides a…
-
Comparison of Application Migration Service, Database Migration Service, and Mainframe Modernization Service
Comparison of Application Migration Service, Database Migration Service, and Mainframe Modernization Service: Feature Application Migration Service (AMS) Database Migration Service (DMS) Mainframe Modernization Service Purpose Migrate entire applications (OS, configurations, data) to AWS Migrate databases between environments (on-prem to cloud or cloud to cloud) Migrate and modernize mainframe workloads to AWS Migration Type Lift-and-shift (rehosting…
-
AWS Disaster Recovery (DR)
AWS Disaster Recovery (DR) refers to the strategies, tools, and services that help organizations recover their IT infrastructure and applications in the event of a disaster, such as an outage, system failure, or natural disaster. AWS provides a range of services and approaches that enable businesses to build a resilient disaster recovery solution to quickly…
-
S3 Transfer Acceleration and Amazon CloudFront
Amazon S3 Transfer Acceleration and Amazon CloudFront are both services designed to improve the performance of delivering content from Amazon S3 to end users, but they have different use cases and operate in different ways. Here’s a comparison of the two: S3 Transfer Acceleration Overview: S3 Transfer Acceleration is a feature of Amazon S3 that…
-
SQS
Feature Standard Queue FIFO Queue Throughput Unlimited 300 TPS (default) 3,000 TPS (with high-throughput mode) Message per second Virtually unlimited Limited to configured TPS Ordering Best-effort (out of order possible) Strictly ordered Duplicates Possible (at-least-once delivery) No duplicates (exactly-once processing) Latency Tens of milliseconds Slightly higher due to ordering enforcement Message Size Up to 256…
-
DynamoDB Notes
Amazon DynamoDB Point-in-Time Recovery (PITR) Amazon DynamoDB Point-in-Time Recovery (PITR) allows you to restore a table to a specific point in time within the past 35 days. It provides continuous backup to protect against accidental deletions, data corruption, or unintended write operations. 1. Key Features of PITR Auto Scaling for DynamoDB Tables refers to the…
-
AWS Systems Manager (SSM)
AWS Systems Manager (SSM) is a centralized management service that helps automate, monitor, and secure AWS and on-premises infrastructure. It simplifies operations, troubleshooting, patching, and security management. 1. Key Features of AWS Systems Manager a) Session Manager (Secure Remote Access) b) SSM Run Command (Automate Tasks Remotely) c) Patch Manager (Automated Patching) d) Parameter Store…
-
AWS Transit Gateway, AWS CloudHub, and AWS Cloud WAN
Here’s a table that compares AWS Transit Gateway, AWS CloudHub, and AWS Cloud WAN based on various aspects: Feature AWS Transit Gateway AWS CloudHub AWS Cloud WAN Purpose Centralized hub for VPC and on-premises connections Connects VPCs across multiple regions using VPN Global network management across AWS regions and on-premises Primary Use Case VPC-to-VPC communication,…
-
Amazon AppRunner, AWS Batch, and AWS Lambda
Amazon AppRunner, AWS Batch, and AWS Lambda are three different services offered by AWS to run applications and workloads, but they are designed for different use cases. Let’s compare them based on various factors: 1. Purpose and Use Case 2. Event-Driven vs. Scheduled Workloads 3. Scalability 4. Resource Management and Control 5. Execution Duration 6….
-
Amazon Pinpoint
Amazon Pinpoint is an AWS service for customer engagement and communication. It enables businesses to send targeted, personalized messages across multiple channels, including email, SMS, push notifications, and voice messages. Pinpoint is commonly used for marketing campaigns, transactional messaging, and customer analytics. Key Features of Amazon Pinpoint 1. Multi-Channel Messaging Amazon Pinpoint allows you to…
-
AWS IAM Policy Conditions
AWS IAM Policy Conditions allow you to apply specific constraints or rules to control access in your AWS environment. These conditions can be used in IAM policies (Identity and Access Management) to refine permissions based on attributes, such as time of day, source IP, or the presence of tags, among others. Conditions help you to…
-
Notes
AppFlow AWS AppFlow is a fully managed integration service that allows you to securely transfer data between AWS services and SaaS applications like Salesforce, SAP, Slack, and ServiceNow—without writing custom code. It helps automate data ingestion, synchronization, and transformation, making it easier to manage workflows across different platforms. Key Features of AWS AppFlow 1. No-Code…
-
S3 Requester Pays
Requester Pays is an Amazon S3 feature that allows the requester (the user or application) to bear the costs associated with data transfer when accessing objects from a bucket. By default, the bucket owner incurs the costs of data retrieval and transfer, but with Requester Pays enabled, the requester is responsible for these costs. When…
-
Amazon EventBridge
Amazon EventBridge is a fully managed event bus service that makes it easier to connect applications using data from a variety of sources. It allows you to create event-driven applications by routing real-time events from your applications, integrated AWS services, and third-party SaaS apps to other AWS services for processing. Key Features of Amazon EventBridge:…
-
CloudFront vs Global Accelerator
Amazon CloudFront and AWS Global Accelerator are both services provided by AWS that help optimize the delivery of content and applications, but they serve different purposes and have distinct use cases. Amazon CloudFront CloudFront is a Content Delivery Network (CDN) service that caches and delivers content (e.g., HTML, images, videos, API responses) from edge locations…
-
AWS CloudFront
AWS CloudFront is a fast, highly secure Content Delivery Network (CDN) service that delivers data, videos, applications, and APIs to users worldwide with low latency. It works by caching content in multiple edge locations globally to provide fast access to end users. Global Edge Network – Uses AWS’s network of edge locations and regional caches…
-
Network Interfaces
ENI Elastic Network Interfaces (ENIs) are virtual network interfaces that can be attached to EC2 instances in a Virtual Private Cloud (VPC). They allow instances to communicate within the AWS network and externally. ENA Elastic Network Adapter (ENA) is a high-performance network interface used in AWS for enhanced networking. ENA is designed to deliver high…