From 9441ec7000bb9f41ed2fb14a9eb3b3ecb9f3130b Mon Sep 17 00:00:00 2001 
From: aandr26 Date: Sat, 10 Oct 2020 08:31:36 -0600 Subject: [PATCH] Fixed punctuation, spelling --- .../10a_Monitoring/CloudWatch.md | 2 +- .../10a_Monitoring/Trusted_Advisor.md | 2 +- .../10b_Systems_Manager/Patch_Manager.md | 12 ++++---- .../SSM_Parameters_Store.md | 4 +-- .../10c_CloudFormation/CloudFormation_DR.md | 2 +- .../Elastic_Beanstalk_Overview.md | 4 +-- .../10e_OpsWorks/OpWorks_Overview.md | 4 +-- .../11b_AWS_Snow/Snowball_Snowmobile.md | 16 +++++----- .../12a_SQS/SQS_Overview.md | 2 +- .../12c_MQ/MQ_Essentials.md | 2 +- .../12e_Step_Functions/Step_Functions.md | 4 ++- docs/2_Accounts/2c_Billing_Models/Billing.md | 12 ++++---- .../Identity_Federation.md | 8 ++--- .../3a_VPC_Essentials/Egress-Only_Gateways.md | 4 +-- docs/3_Networking/3a_VPC_Essentials/NACLs.md | 5 ++-- .../3a_VPC_Essentials/Security_Groups.md | 5 ++-- .../3a_VPC_Essentials/VPC_Flow_Logs.md | 2 +- .../3a_VPC_Essentials/VPC_Routing.md | 2 +- .../Direct_Connect.md | 20 ++++++------- .../Private_Link.md | 4 +-- .../VPC_Structure.md | 4 +-- .../3b_Advanced_VPC_Networking/VPNS.md | 12 ++++---- .../Certificate_Manager_ACM.md | 2 +- .../4a_Account_Service_Security/CloudHSM.md | 2 +- .../Directory_Service.md | 2 +- .../Key_Management_Service_KMS.md | 6 ++-- .../Secrets_Manager.md | 6 ++-- .../4c_Compute_Security/Inspector.md | 2 +- .../5a_EC2/EC2_Storage_and_Snapshots.md | 4 +-- docs/5_Compute/5a_EC2/HPC_Placement_Groups.md | 4 +-- docs/5_Compute/5b_Containers/ECS_Security.md | 2 +- docs/5_Compute/5c_Serverless/API_Gateway.md | 2 +- .../5_Compute/5c_Serverless/Lambda_indepth.md | 2 +- .../Serverless_Event-Driven_Architectures.md | 2 +- .../5d_Workspaces/Workspaces_Overview.md | 2 +- .../AWS_Service_Resilience.md | 12 ++++---- ...eciding_between_Spot_Reserved_Instances.md | 2 +- .../6a_Scaling_Architectures/ELB.md | 10 +++---- .../Stateless_Architectures.md | 2 +- .../CloudFront_Architecture.md | 4 +-- .../CloudFront_Security.md | 30 +++++++++---------- 
...Creating_and_Working_with_Distributions.md | 8 ++--- .../Optimizing_Caching.md | 8 ++--- .../6c_Route53/Advanced_Route53_Concepts.md | 2 +- docs/7_Storage/7a_S3/S3_Controlling_Access.md | 2 +- .../7a_S3/S3_Cross-Region_Replication.md | 2 +- docs/7_Storage/7a_S3/S3_Object_Encryption.md | 6 ++-- .../7a_S3/S3_Optimizing_Performance.md | 10 +++---- ..._Intelligent-Tiering_Lifecycle_Policies.md | 14 ++++----- .../7a_S3/S3_Versioning_and_Locking.md | 2 +- docs/7_Storage/7c_FSx/FSx_Architecture.md | 2 +- docs/7_Storage/7c_FSx/FSx_Lustre.md | 10 +++---- .../File_vs_Volume_vs_Tape_Gateways.md | 22 +++++++------- .../8a_DB_Introduction/DB_Models_Engines.md | 4 +-- docs/8_Databases/8b_SQL/Athena.md | 2 +- docs/8_Databases/8b_SQL/Aurora.md | 2 +- docs/8_Databases/8b_SQL/RDS.md | 2 +- docs/8_Databases/8b_SQL/RDS_Backups.md | 2 +- .../8c_NoSQL/DynamoDB_Architecture.md | 2 +- docs/8_Databases/8c_NoSQL/DynamoDB_Indexes.md | 2 +- .../8c_NoSQL/DynamoDB_Performance.md | 8 ++--- docs/8_Databases/8c_NoSQL/Neptune.md | 2 +- docs/9_Analytics_IoT_Streaming/9a_EMR/EMR.md | 2 +- .../9g_Batch/Batch_Essentials.md | 7 +++-- 64 files changed, 179 insertions(+), 174 deletions(-) diff --git a/docs/10_Deployment_and_Operations/10a_Monitoring/CloudWatch.md b/docs/10_Deployment_and_Operations/10a_Monitoring/CloudWatch.md index fa3e9b3..4473cc1 100644 --- a/docs/10_Deployment_and_Operations/10a_Monitoring/CloudWatch.md +++ b/docs/10_Deployment_and_Operations/10a_Monitoring/CloudWatch.md @@ -17,4 +17,4 @@ * CWAgent. * Route 53 Logging: * Only works for public hosted zones. - * S3 Logging: + * S3 Logging diff --git a/docs/10_Deployment_and_Operations/10a_Monitoring/Trusted_Advisor.md b/docs/10_Deployment_and_Operations/10a_Monitoring/Trusted_Advisor.md index 6aa0aa2..98feef9 100644 --- a/docs/10_Deployment_and_Operations/10a_Monitoring/Trusted_Advisor.md +++ b/docs/10_Deployment_and_Operations/10a_Monitoring/Trusted_Advisor.md 
@@ -10,4 +10,4 @@ * MFA on Root account. * EBS public snapshots. * RDS public snapshots. - * 50 service limit checks. \ No newline at end of file + * 50 service limit checks. diff --git a/docs/10_Deployment_and_Operations/10b_Systems_Manager/Patch_Manager.md b/docs/10_Deployment_and_Operations/10b_Systems_Manager/Patch_Manager.md index 181c822..0d48176 100644 --- a/docs/10_Deployment_and_Operations/10b_Systems_Manager/Patch_Manager.md +++ b/docs/10_Deployment_and_Operations/10b_Systems_Manager/Patch_Manager.md @@ -12,18 +12,18 @@ AWS-WindowsPredefinedPatchBaseline-OS - Critical and security updates AWS-WindowsPredefinedPatchBaseline-OS-Applications - Critical and security updates + MS app updates * Patch Groups - * Groups of resources in SSM, which resources to patch + * Groups of resources in SSM, which resources to patch. * Maintenance Windows - * When to apply patches + * When to apply patches. * Run Command - * How patches are actually installed + * How patches are actually installed. * Concurrency & Error Threshold - * How many to patch and how many errors to tolerate before failing. + * How many to patch and how many errors to tolerate before failing. * Compliance * Is it compliant with a set of standards? * **Architecture:** - * (1) Define Patch Baselines - What gets installed + * (1) Define Patch Baselines - What gets installed. * (2) Create Patch groups - Targets for patch tasks. * (3) Maintenance windows - Define schedule, duration, targets and tasks. * (4) AWS-RunPatchBaseline runs with a baseline and targets. - * (5) Checks for compliance using Systems Manager Inventory + * (5) Checks for compliance using Systems Manager Inventory. diff --git a/docs/10_Deployment_and_Operations/10b_Systems_Manager/SSM_Parameters_Store.md b/docs/10_Deployment_and_Operations/10b_Systems_Manager/SSM_Parameters_Store.md index 1cc6cbc..c74778d 100644 --- a/docs/10_Deployment_and_Operations/10b_Systems_Manager/SSM_Parameters_Store.md 
+++ b/docs/10_Deployment_and_Operations/10b_Systems_Manager/SSM_Parameters_Store.md @@ -3,5 +3,5 @@ * [Return to table of contents](../../../README.md) * **Exam Tips:** - * Store data hierarchically - * Serverless, resilient, and scalable + * Store data hierarchically. + * Serverless, resilient, and scalable. diff --git a/docs/10_Deployment_and_Operations/10c_CloudFormation/CloudFormation_DR.md b/docs/10_Deployment_and_Operations/10c_CloudFormation/CloudFormation_DR.md index ea72417..5697a45 100644 --- a/docs/10_Deployment_and_Operations/10c_CloudFormation/CloudFormation_DR.md +++ b/docs/10_Deployment_and_Operations/10c_CloudFormation/CloudFormation_DR.md @@ -10,4 +10,4 @@ * Backup and Restore * Pilot light * Warm standby - * CloudFormation can be used to do this + * CloudFormation can be used to do this. diff --git a/docs/10_Deployment_and_Operations/10d_Elastic_Beanstalk/Elastic_Beanstalk_Overview.md b/docs/10_Deployment_and_Operations/10d_Elastic_Beanstalk/Elastic_Beanstalk_Overview.md index 8b5f4ad..b871955 100644 --- a/docs/10_Deployment_and_Operations/10d_Elastic_Beanstalk/Elastic_Beanstalk_Overview.md +++ b/docs/10_Deployment_and_Operations/10d_Elastic_Beanstalk/Elastic_Beanstalk_Overview.md @@ -15,13 +15,13 @@ * Go, Java SE, Tomcat * .NET Core (Linux) & .NET (Windows) * Node.js, PHP, Python & Ruby - * Single container Docker & multicontainer Docker + * Single container Docker & multicontainer Docker. * Preconfigured Docker * Hashicorp Packer = Custom EB * Focus on code, low infrastructure. * Fully customizable - uses AWS products under the covers. * Will require app changes. - * Keep databases outside of Elastic Beanstalk + * Keep databases outside of Elastic Beanstalk. * **Application:** * Container of environments, versions, environment configurations. * An application can have Web Server or Worker environments. 
diff --git a/docs/10_Deployment_and_Operations/10e_OpsWorks/OpWorks_Overview.md b/docs/10_Deployment_and_Operations/10e_OpsWorks/OpWorks_Overview.md index fef1b18..7856d00 100644 --- a/docs/10_Deployment_and_Operations/10e_OpsWorks/OpWorks_Overview.md +++ b/docs/10_Deployment_and_Operations/10e_OpsWorks/OpWorks_Overview.md @@ -15,7 +15,7 @@ * **Exam Tips:** * Pretty much only choose when you need Chef or Puppet. - * When you already have one + * When you already have one. * Requirement to automate * If Recipes, Cookbook or Manifests are mentioned. * Global service, but you can choose the region to deploy into. @@ -26,7 +26,7 @@ * **Recipes and Cookbooks:** * Github * **Stacks:** - * Top level construct + * Top level construct. * Type (Dev, Prod) or function (Finance, Management) of a system. * Can run custom chef cookbooks but need to point it at a repository. * Uses instance roles for the instances it creates. diff --git a/docs/11_Migrations_and_Hybrid_Architectures/11b_AWS_Snow/Snowball_Snowmobile.md b/docs/11_Migrations_and_Hybrid_Architectures/11b_AWS_Snow/Snowball_Snowmobile.md index 92dd36d..5469ccf 100644 --- a/docs/11_Migrations_and_Hybrid_Architectures/11b_AWS_Snow/Snowball_Snowmobile.md +++ b/docs/11_Migrations_and_Hybrid_Architectures/11b_AWS_Snow/Snowball_Snowmobile.md 
@@ -11,22 +11,22 @@ * **Exam Tips:** * **Snowball:** * 50 TB or 80 TB per device. - * Use when transferring more than 10 TB + * Use when transferring more than 10 TB. * Can chain together to get more capacity. - * Faster than internet/Direct Connect/VPN + * Faster than internet/Direct Connect/VPN. * **Snowball Edge:** - * Up to 100 TB per device - Storage Optimized + * Up to 100 TB per device - Storage Optimized. * Provide local computer services, running processes at the edge: * Lambda functions * EC2 Instances * **Three versions:** - * Storage Optimized - 100 TB with 80 TB usable - * Compute Optimized - Super fast nvme SSD - * Compute Optimized with GPU - Analytics + * Storage Optimized - 100 TB with 80 TB usable. + * Compute Optimized - Super fast nvme SSD. + * Compute Optimized with GPU - Analytics. * **Snowmobile:** * 100 PB per Snowmobile, can be used in parallel. - * Mobile data center - * Data center migrations + * Mobile data center. + * Data center migrations. * Use when transferring more than 10 PB. * Less than 10 PB use one or more Snowball/Snowball Edge. * Multiple locations - Same as above. diff --git a/docs/12_Application_Intergration/12a_SQS/SQS_Overview.md b/docs/12_Application_Intergration/12a_SQS/SQS_Overview.md index 2e26699..2bdd6b8 100644 --- a/docs/12_Application_Intergration/12a_SQS/SQS_Overview.md +++ b/docs/12_Application_Intergration/12a_SQS/SQS_Overview.md @@ -7,7 +7,7 @@ * Messages up to 256KB in size - link to large data. * Received messages are hidden (VisibilityTimeout) * The messages either reappear (retry) or are explicitly deleted. - * Dead-Letter queues can be used fro problem messages. + * Dead-Letter queues can be used for problem messages. * Allows for distributed/decoupled application components. * ASG can grow based on queue size. * Lambda functions can replace the role of worker instances, polling and processing messages. 
diff --git a/docs/12_Application_Intergration/12c_MQ/MQ_Essentials.md b/docs/12_Application_Intergration/12c_MQ/MQ_Essentials.md index ca6ce0f..e19b324 100644 --- a/docs/12_Application_Intergration/12c_MQ/MQ_Essentials.md +++ b/docs/12_Application_Intergration/12c_MQ/MQ_Essentials.md @@ -15,5 +15,5 @@ * **Use Cases:** * For scenarios where a messaging system is already developed and needs to be moved to the cloud. * Default to SNS or SQS for most new implementations. - * SNS or SQS if AWS integration is required (logging, permissions, encryption, service integration.) + * SNS or SQS if AWS integration is required (logging, permissions, encryption, service integration). * Used Amazon MQ if you need to use JMI API, AMQP, MQTT, OpenWire or STOMP. diff --git a/docs/12_Application_Intergration/12e_Step_Functions/Step_Functions.md b/docs/12_Application_Intergration/12e_Step_Functions/Step_Functions.md index 59b6281..8ab0a64 100644 --- a/docs/12_Application_Intergration/12e_Step_Functions/Step_Functions.md +++ b/docs/12_Application_Intergration/12e_Step_Functions/Step_Functions.md @@ -1,4 +1,6 @@ +# Step Functions + * [Return to table of contents](../../../README.md) * **Exam Tips:** - * Standard is default execution time and has a lifespan of up to 1 year. \ No newline at end of file + * Standard is default execution time and has a lifespan of up to 1 year. diff --git a/docs/2_Accounts/2c_Billing_Models/Billing.md b/docs/2_Accounts/2c_Billing_Models/Billing.md index 5957221..9eda239 100644 --- a/docs/2_Accounts/2c_Billing_Models/Billing.md +++ b/docs/2_Accounts/2c_Billing_Models/Billing.md 
@@ -11,12 +11,12 @@ * Default * Pay for what you consume. * Per second billing. - * no capacity reservation - * no discount. - * Use: - * Short term workloads - * Unknown workloads - * Apps which cannot be interrupted + * No capacity reservation. + * No discount. + * Usage: + * Short term workloads. + * Unknown workloads. + * Apps which cannot be interrupted. * **2. Reserved** * 12 or 36-month term * All Upfront (best cost advantages), Partial Upfront, and No Upfront. diff --git a/docs/2_Accounts/2d_Advanced_Identity_in_AWS/Identity_Federation.md b/docs/2_Accounts/2d_Advanced_Identity_in_AWS/Identity_Federation.md index c25e5a2..1a7c828 100644 --- a/docs/2_Accounts/2d_Advanced_Identity_in_AWS/Identity_Federation.md +++ b/docs/2_Accounts/2d_Advanced_Identity_in_AWS/Identity_Federation.md @@ -10,17 +10,17 @@ * Access console as well as cli and api: * Use ```AssumeRoleWithSAML``` * **SAML 2.0:** - * Indirectly use on-premises IDs with AWS (Console and CLI) - * Used when using an Enterprise Identity Provider that is also SAML 2.0 compatible + * Indirectly use on-premises IDs with AWS (Console and CLI). + * Used when using an Enterprise Identity Provider that is also SAML 2.0 compatible. * Existing identity management team. * Desire single source of truth for users, and/or more than 5,000 users. - * If a question mentions Google, Facebook, Web, etc, SAML 2.0 is not the correct option. + * If a question mentions Google, Facebook, Web, etc, SAML 2.0 is NOT the correct option. * Assumes a IAM Role and used AWS Temporary Credentials which have 12 hour validity. * **AWS SSO:** * Flexible Identity source. * Has a built-in identity store. * On-Prem AD (Two way trust or AD connector) - * Preferred by AWS to SAML 2.0 + * Preferred by AWS to SAML 2.0. * Work place vs customer identities: * Customer - Web Apps, Google, Twitter - Cognito * Workplace - AWS SSO 
diff --git a/docs/3_Networking/3a_VPC_Essentials/Egress-Only_Gateways.md b/docs/3_Networking/3a_VPC_Essentials/Egress-Only_Gateways.md index 720bfee..f2d58be 100644 --- a/docs/3_Networking/3a_VPC_Essentials/Egress-Only_Gateways.md +++ b/docs/3_Networking/3a_VPC_Essentials/Egress-Only_Gateways.md @@ -1,4 +1,4 @@ -# Egress-Only Gateways +# Egress-Only Internet Gateways * [Return to table of contents](../../../README.md) @@ -8,6 +8,6 @@ * **Exam Tips:** * With IPv6 all subnets are essentially public. - * Known when to integrate an EGW: + * Known when to integrate an EIGW: * When wanting to allow outbound only IPv6 traffic. * Not used for IPv4, that would be a NAT Gateway. diff --git a/docs/3_Networking/3a_VPC_Essentials/NACLs.md b/docs/3_Networking/3a_VPC_Essentials/NACLs.md index a5c1923..dedae84 100644 --- a/docs/3_Networking/3a_VPC_Essentials/NACLs.md +++ b/docs/3_Networking/3a_VPC_Essentials/NACLs.md @@ -11,8 +11,9 @@ * Once a rule matches, it applies the rule and stops. * **Exam Tips:** - * Subnets can only be associated with one NACL + * Subnets can only be associated with one NACL. * Stateless. * Exam gotcha, troubleshoot connectivity between EC2 instances in the same subnet, a NACL does not restrict this. - * Traffic within a subnet, EC2 instance to EC2 instance, would not be affected. It only affects traffic that crosses a subnet boundary. + * Traffic within a subnet, EC2 instance to EC2 instance, would not be affected. + * It only affects traffic that crosses a subnet boundary. * Default for custom NACLs is deny everything. diff --git a/docs/3_Networking/3a_VPC_Essentials/Security_Groups.md b/docs/3_Networking/3a_VPC_Essentials/Security_Groups.md index b4f96c4..f86f4b1 100644 --- a/docs/3_Networking/3a_VPC_Essentials/Security_Groups.md +++ b/docs/3_Networking/3a_VPC_Essentials/Security_Groups.md 
@@ -13,9 +13,10 @@ * **Exam Tips:** * Not able to explicitly deny traffic. * Does not work on DNS names: - * Logical resources + * Works with: + * Logical resources. * IPs - * CIDR ranges + * CIDR ranges. * Unless explicitly allowed, there is a hidden implicit deny. * Any other logical resources can be referenced. * Able to add functional, role based security. diff --git a/docs/3_Networking/3a_VPC_Essentials/VPC_Flow_Logs.md b/docs/3_Networking/3a_VPC_Essentials/VPC_Flow_Logs.md index 90a30fe..078c79f 100644 --- a/docs/3_Networking/3a_VPC_Essentials/VPC_Flow_Logs.md +++ b/docs/3_Networking/3a_VPC_Essentials/VPC_Flow_Logs.md @@ -26,7 +26,7 @@ * What isn't logged: * DHCP. * AWS DNS. - * Meteadata. + * Metadata. * License Activation Requests. * Destinations: * CWLogs. diff --git a/docs/3_Networking/3a_VPC_Essentials/VPC_Routing.md b/docs/3_Networking/3a_VPC_Essentials/VPC_Routing.md index 59552af..61d9d48 100644 --- a/docs/3_Networking/3a_VPC_Essentials/VPC_Routing.md +++ b/docs/3_Networking/3a_VPC_Essentials/VPC_Routing.md @@ -10,6 +10,6 @@ * The MAIN RT is the implicit and default route table for subnets. * Priority of Routes: * (1.) Longest prefix wins - * More specific routes always win + * More specific routes always win. * (2.) Static routes * (3.) Propagated routes diff --git a/docs/3_Networking/3b_Advanced_VPC_Networking/Direct_Connect.md b/docs/3_Networking/3b_Advanced_VPC_Networking/Direct_Connect.md index 461e59a..0ee151f 100644 --- a/docs/3_Networking/3b_Advanced_VPC_Networking/Direct_Connect.md +++ b/docs/3_Networking/3b_Advanced_VPC_Networking/Direct_Connect.md 
@@ -10,7 +10,7 @@ * [AWS Direct Connect Gateway – Inter-Region VPC Access](https://aws.amazon.com/blogs/aws/new-aws-direct-connect-gateway-inter-region-vpc-access/) * **Exam Notes:** - * Terrabytes of data? Direct Connect. + * Terabytes of data? Direct Connect. * Remember the set up time required - Weeks to months. * Connections over a Direct Connect are _not_ encrypted. * Private VIFs are a one-to-one connection. 
@@ -23,32 +23,32 @@ * DX location * AWS allocates a DX port in the DX location * 1000-Base-LX or 10GBASE-LR - * Request a cross-connect into your network (You router) + * Request a cross-connect into your network (Your router). * Private VIF connects to a Virtual Private Gateway (VGW). * Public VIF, public zone services but not internet. * **From AWS:** * 1Gbps => 10Gbps * **From Partner:** * Ranges of speeds: 50Mbps => 10Gbps - * Hosted connection - a DX connection with _one_ VIF + * Hosted connection - a DX connection with _one_ . * Hosted VIF - Single VIF with shared bandwidth* * **MISC:** * Direct connect offers no encryption! * Any data transiting unless encrypted by an application is not encrypted. - * Provision DX, provision public VIF and the create a site-to-site VPN across the VPN. - * No sharing internet data cap - * No sharing internet bandwidth + * Provision DX, provision public VIF and the create a site-to-site VPN across the VPN. + * No sharing internet data cap. + * No sharing internet bandwidth. * No transit over the internet - low/consistent latency. - * Cheaper data transfer / faster speeds + * Cheaper data transfer / faster speeds. * **Link Aggregation Groups (LAGS):** * Multiple physical connections act as one - Speed * n * Provide less admin overhead, more speed, but not really more resilience. * Max of 4 connections per LAG * All must be same **speed** - * Must terminate at same location - * Lag active as long as MinimumLinks attribute is healthy + * Must terminate at same location. + * Lag active as long as MinimumLinks attribute is healthy. * **Transit VIFS:** - * Public VIF can access all AWS public regions + * Public VIF can access all AWS public . * VLAN and BGP session. * Private VIF can only access VPC's in the same AWS region via VGWs. * **DX Gateway:** diff --git a/docs/3_Networking/3b_Advanced_VPC_Networking/Private_Link.md b/docs/3_Networking/3b_Advanced_VPC_Networking/Private_Link.md index ebe3fd5..3fab2fb 100644 
--- a/docs/3_Networking/3b_Advanced_VPC_Networking/Private_Link.md +++ b/docs/3_Networking/3b_Advanced_VPC_Networking/Private_Link.md @@ -3,7 +3,7 @@ * [Return to table of contents](../../../README.md) * **Exam Tips:** - * HA via multiple endpoints + * HA via multiple endpoints. * IPv4 & TCP only (IPv6 isn't supported) * Private DNS is supported. - * Direct connect, site-to-site vnp and VPC peer + * Direct connect, site-to-site VPN and VPC peer. diff --git a/docs/3_Networking/3b_Advanced_VPC_Networking/VPC_Structure.md b/docs/3_Networking/3b_Advanced_VPC_Networking/VPC_Structure.md index a3a8ae4..66daa3a 100644 --- a/docs/3_Networking/3b_Advanced_VPC_Networking/VPC_Structure.md +++ b/docs/3_Networking/3b_Advanced_VPC_Networking/VPC_Structure.md @@ -8,7 +8,7 @@ * Cost effective, cost effective, cost effective! * How to calculate required AZ * Most questions ask about designing a solution that can tolerate 1 AZ failure, which is called the buffer AZ. - * AZs in region (6) minus buffer AZx (1) = 5 (Nominal AZs) + * AZs in region (6) minus buffer AZs (1) = 5 (Nominal AZs) * Min app requirements? 5 nominal instances in this example * Nominal instances / nominal AZs (5/5) = Optimal 1 per AZ * Pay attention to min AZ vs cost effective. @@ -19,7 +19,7 @@ * Ignore HA to start with. * How many subnets does your app need? * Public & private addressing, and security can be controlled with one subnet. - * Different routing = multiple subnets + * Different routing = multiple subnets. * Internet-facing ALBs can communicate with private instances. * Needs to run from public subnets. * N of app subnets * AZs = number of subnets needed. diff --git a/docs/3_Networking/3b_Advanced_VPC_Networking/VPNS.md b/docs/3_Networking/3b_Advanced_VPC_Networking/VPNS.md index 3bda795..6d3be9b 100644 --- a/docs/3_Networking/3b_Advanced_VPC_Networking/VPNS.md +++ b/docs/3_Networking/3b_Advanced_VPC_Networking/VPNS.md 
@@ -6,11 +6,11 @@ * [AWS VPN Solutions](https://www.youtube.com/watch?v=qmKkbuS9gRs) * **Exam Tips:** - * When to use a VPN + * When to use a VPN. * Know the architecture. * BGP required for dual vpn tunnels. * Can be done in minutes. - * As opposed to direct-connect + * As opposed to direct-connect. * Per hour cost. * Data cost for outbound data. * Generally limited by CGW. @@ -19,14 +19,14 @@ * Route Table Priorities * (1.) Local route. * (2.) Static routes. - * (3.) Direct Connect routes learned from BGP + * (3.) Direct Connect routes learned from BGP. * (4.) Statically configured VPN route. - * (5.) VPN routes learned from BPG + * (5.) VPN routes learned from BPG. * Quick to set up (possibly under an hour) * Virtual Private Gateway: * Actually physical * Max throughput of ~ 1.25Gbps - * Latency considerations - inconsistent, public internet - * Hourly cost, GB out cost, data cap (on premises) + * Latency considerations - inconsistent, public internet. + * Hourly cost, GB out cost, data cap (on premises). * Can be used as a backup for Direct Connect. * Can be used on top of Direct Connect for security, providing encryption. diff --git a/docs/4_Security/4a_Account_Service_Security/Certificate_Manager_ACM.md b/docs/4_Security/4a_Account_Service_Security/Certificate_Manager_ACM.md index 28d8bb0..0b9cd91 100644 --- a/docs/4_Security/4a_Account_Service_Security/Certificate_Manager_ACM.md +++ b/docs/4_Security/4a_Account_Service_Security/Certificate_Manager_ACM.md @@ -7,7 +7,7 @@ * [ACM FAQs](https://aws.amazon.com/certificate-manager/faqs/) * **Exam Tips:** - * Certs cannot leave the region they are generated or imported in. + * Certs CANNOT leave the region they are generated or imported in. * Need to be aware of the architect of ACM, not implementation. * Natively integrates. * Cannot use on EC2 instances. diff --git a/docs/4_Security/4a_Account_Service_Security/CloudHSM.md b/docs/4_Security/4a_Account_Service_Security/CloudHSM.md index e8343e7..caeeb25 100644 
--- a/docs/4_Security/4a_Account_Service_Security/CloudHSM.md +++ b/docs/4_Security/4a_Account_Service_Security/CloudHSM.md @@ -7,7 +7,7 @@ * **Exam Tips:** * Behind the scenes it uses Hardware Security Module (HSM) - * A true "single tenant" HSM + * A true "single tenant" HSM. * AWS provisioned but fully customer managed. * Be mindful of requirements for, CloudHSM supports them: * If the solution requires these services, you cannot use KMS! diff --git a/docs/4_Security/4a_Account_Service_Security/Directory_Service.md b/docs/4_Security/4a_Account_Service_Security/Directory_Service.md index 6e77ade..78a41df 100644 --- a/docs/4_Security/4a_Account_Service_Security/Directory_Service.md +++ b/docs/4_Security/4a_Account_Service_Security/Directory_Service.md @@ -21,7 +21,7 @@ * Native schema extensions? Microsoft AD mode. * **Simple AD:** * **AD Connector:** - * A pair of directory endpoints running in AWS (ENIs in a VPC) + * A pair of directory endpoints running in AWS (ENIs in a VPC). * Supports directory aware AWS products. * Requires a working network connection. * AD connector is good for proof-of-concept or fast deployment. diff --git a/docs/4_Security/4a_Account_Service_Security/Key_Management_Service_KMS.md b/docs/4_Security/4a_Account_Service_Security/Key_Management_Service_KMS.md index 4fbbc28..b667a48 100644 --- a/docs/4_Security/4a_Account_Service_Security/Key_Management_Service_KMS.md +++ b/docs/4_Security/4a_Account_Service_Security/Key_Management_Service_KMS.md @@ -22,6 +22,6 @@ * Don't have to give S3 users access to decrypt. * FIPS 140-2 compliant service? Use KMS as it supports up to level 2. * Can only be managed by AWS APIs. - * CMKs can only be used fro up to 4KB of data. - * CMKs support rotation - * CMKs are more configurable + * CMKs can only be used for up to 4KB of data. + * CMKs support rotation. + * CMKs are more configurable. 
diff --git a/docs/4_Security/4a_Account_Service_Security/Secrets_Manager.md b/docs/4_Security/4a_Account_Service_Security/Secrets_Manager.md index b4775b5..7c2647e 100644 --- a/docs/4_Security/4a_Account_Service_Security/Secrets_Manager.md +++ b/docs/4_Security/4a_Account_Service_Security/Secrets_Manager.md @@ -3,8 +3,8 @@ * [Return to table of contents](../../../README.md) * **Exam Tips:** - * It does share functionality with parameter store + * It does share functionality with parameter store. * Designed for secrets (.. passwords, API KEYS..) * Usable via console, CLI, API, or SDKs - * Supports automatic rotation of secrets using lambda - * Directly integrates with some AWS products (RDS) \ No newline at end of file + * Supports automatic rotation of secrets using Lambda. + * Directly integrates with some AWS products (RDS). \ No newline at end of file diff --git a/docs/4_Security/4c_Compute_Security/Inspector.md b/docs/4_Security/4c_Compute_Security/Inspector.md index 99f2fa7..44cfc9c 100644 --- a/docs/4_Security/4c_Compute_Security/Inspector.md +++ b/docs/4_Security/4c_Compute_Security/Inspector.md @@ -6,7 +6,7 @@ * Scans EC2 instances and the instance OS. * Vulnerabilities and deviations against best practice. * Length: - * 15mins + * 15 mins * 1,8,12 hour * 1 day * Provides a report of findings ordered by priority. diff --git a/docs/5_Compute/5a_EC2/EC2_Storage_and_Snapshots.md b/docs/5_Compute/5a_EC2/EC2_Storage_and_Snapshots.md index 0cc389a..c17738d 100644 --- a/docs/5_Compute/5a_EC2/EC2_Storage_and_Snapshots.md +++ b/docs/5_Compute/5a_EC2/EC2_Storage_and_Snapshots.md 
@@ -28,14 +28,14 @@ * SSD Based: * General Purpose (gp2) * Provisioned IOPS SSD (io1) - * IOPS can scale separately of the volume size. + * IOPS can scale independent of the volume size. * HDD: * Cannot be used as a boot volume. * Throughput Optimized (st1) * Frequently accessed. * Cold HDD (sc1) * Know the ideal patterns and anti-patterns for EBS storage: - * Ideal + * Ideal: * Persistence * Durability * Elasticity diff --git a/docs/5_Compute/5a_EC2/HPC_Placement_Groups.md b/docs/5_Compute/5a_EC2/HPC_Placement_Groups.md index 6759ecc..4147865 100644 --- a/docs/5_Compute/5a_EC2/HPC_Placement_Groups.md +++ b/docs/5_Compute/5a_EC2/HPC_Placement_Groups.md @@ -7,8 +7,8 @@ * **Notes:** * **Cluster placement group:** - * Single AZ - * Cannot not span AZs + * Single AZ: + * Cannot not span AZs. * Can span peered VPC, but impacts performance. * Maximum possible performance between EC2 instances. * Benefits: diff --git a/docs/5_Compute/5b_Containers/ECS_Security.md b/docs/5_Compute/5b_Containers/ECS_Security.md index d4b6236..2591c23 100644 --- a/docs/5_Compute/5b_Containers/ECS_Security.md +++ b/docs/5_Compute/5b_Containers/ECS_Security.md @@ -9,7 +9,7 @@ * **Exam Tips:** * If asked about how to restrict traffic to an individual container, choose ECS network only mode. * **Fargate:** - * Secure tasks only + * Secure tasks only. * **Instance type:** * Hosts * Tasks diff --git a/docs/5_Compute/5c_Serverless/API_Gateway.md b/docs/5_Compute/5c_Serverless/API_Gateway.md index d380f34..77d15f4 100644 --- a/docs/5_Compute/5c_Serverless/API_Gateway.md +++ b/docs/5_Compute/5c_Serverless/API_Gateway.md 
@@ -28,7 +28,7 @@ * 403 Access denied - Authorizer denies * 429 API gateway can throttle - You've exceeded your that amount. * 5xx server error - Valid request, backend issue. - * 502 Bad gateway exception - bad output returned by lambda. + * 502 Bad gateway exception - bad output returned by Lambda. * 503 Service unavailable - backing endpoint offline - could be major service issue. * 504 Integration failure/timeout - 29s limit. * **Caching:** diff --git a/docs/5_Compute/5c_Serverless/Lambda_indepth.md b/docs/5_Compute/5c_Serverless/Lambda_indepth.md index ecd03cf..f318550 100644 --- a/docs/5_Compute/5c_Serverless/Lambda_indepth.md +++ b/docs/5_Compute/5c_Serverless/Lambda_indepth.md @@ -17,7 +17,7 @@ * Go * C# * Custom runtimes such as Rust are possible with Lambda Layers. - * You directly control the memory allocated for Lambda functions wheraes vCPU is allocated indirectly. + * You directly control the memory allocated for Lambda functions whereas vCPU is allocated indirectly. * Function timeout of 900s (15 minutes). * Anything longer and you cannot use Lambda directly. diff --git a/docs/5_Compute/5c_Serverless/Serverless_Event-Driven_Architectures.md b/docs/5_Compute/5c_Serverless/Serverless_Event-Driven_Architectures.md index b254afd..8dffa62 100644 --- a/docs/5_Compute/5c_Serverless/Serverless_Event-Driven_Architectures.md +++ b/docs/5_Compute/5c_Serverless/Serverless_Event-Driven_Architectures.md @@ -10,4 +10,4 @@ * Time limit for Lambda functions. * Keep them simple. * Questions on how to increase efficacy: - * Understand event driven architecture benefits + * Understand event driven architecture benefits. diff --git a/docs/5_Compute/5d_Workspaces/Workspaces_Overview.md b/docs/5_Compute/5d_Workspaces/Workspaces_Overview.md index 069254b..aaec133 100644 --- a/docs/5_Compute/5d_Workspaces/Workspaces_Overview.md +++ b/docs/5_Compute/5d_Workspaces/Workspaces_Overview.md 
@@ -3,7 +3,7 @@ * [Return to table of contents](../../../README.md) * **Exam Tips:** - * Uses Directory Services (Simple, AD, AD Connector) + * Uses Directory Services (Simple, AD, AD Connector). * There is a per hour billing cost, as well as a baseline service charge. * Can access FSx and EC2 windows resources. * Uses an ENI in a VPC, using VPC networking. diff --git a/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/AWS_Service_Resilience.md b/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/AWS_Service_Resilience.md index 734e74d..73d2e6a 100644 --- a/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/AWS_Service_Resilience.md +++ b/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/AWS_Service_Resilience.md @@ -4,7 +4,7 @@ * **Exam Tips:** * **IAM:** - * Globally resilient + * Globally resilient. * **S3:** * Regional level. * Replicated across AZs in region. @@ -15,7 +15,7 @@ * **EC2/EBS:** * EC2 limited to a single AZ. * If AZ fails, probably lose the instance. - * EBS in AZ. + * EBS in AZ: * Some replication within same AZ. * Snapshots use S3 as backend, and replicated across all AZs in region. * Can also copy a snapshot to another region. @@ -30,12 +30,12 @@ * VPC is regional * Subnets cannot span AZs. * Neither can the services deployed inside a single subnet. - * put one subnet per AZ. + * Put one subnet per AZ. * **NAT GW:** * Not resilient by default. - * Placed in a subnet., thus they are AZ bound. + * Placed in a subnet, thus they are AZ bound. * Can tolerate hardware failures. * **VPN:** - * VPGW + * VPGW: * Publicly available - * In multiple AZs (Think dual tunnel) + * In multiple AZs (Think dual tunnel). diff --git a/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/Deciding_between_Spot_Reserved_Instances.md b/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/Deciding_between_Spot_Reserved_Instances.md index 61f47d2..69d2aec 100644 
--- a/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/Deciding_between_Spot_Reserved_Instances.md +++ b/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/Deciding_between_Spot_Reserved_Instances.md @@ -9,7 +9,7 @@ * **Exam Tips:** * **Reserved:** - * Don't used for variable + * Don't used for variable. * For cost savings * Look for scenarios where you know you'll need the capacity. * Think webserver. diff --git a/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/ELB.md b/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/ELB.md index 7b5c64b..a3ec1a6 100644 --- a/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/ELB.md +++ b/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/ELB.md @@ -14,14 +14,14 @@ * Need to know what scenario to use specific types of ELBs. * Provides abstraction. * ELBs allow decoupling of the tiers. - * ELB is a DNS A record pointing at 1+ nodes per AZ - * Nodes (in one subnet per AZ) can scale + * ELB is a DNS A record pointing at 1+ nodes per AZ. + * Nodes (in one subnet per AZ) can scale. * Internet facing (public IPv4) load balancers can work with public or private instances. * Internal facing IP is private only IPs. * Listener configuration controls what the LB listens to. - * 8+ free IPs per subnet, and /27 subnet to allow scaling. + * 8+ free IPs per subnet, and /27 subnet to allow scaling. * **Classic Load Balancer:** - * Not recommended + * Not recommended. * Not layer 7 device. * Can do SSL offloading by having the LB do the SSL/TLS work, freeing up some work on the instances. * **Application Load Balancers:** @@ -37,7 +37,7 @@ * Authenticate * Can cope with multiple certificates. * HTTP/2 is supported. - * Can have lambda functions as targets. + * Can have Lambda functions as targets. * Health checks defined at target group level. * **Network Load Balancers:** * Operate at layer 4 of the OSI model. 
diff --git a/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/Stateless_Architectures.md b/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/Stateless_Architectures.md index ea77230..7d9db74 100644 --- a/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/Stateless_Architectures.md +++ b/docs/6_Scaling_and_Resilience/6a_Scaling_Architectures/Stateless_Architectures.md @@ -3,5 +3,5 @@ * [Return to table of contents](../../../README.md) * **Exam Tips:** - * Know the difference between horizontal and vertical scaling + * Know the difference between horizontal and vertical scaling. * Horizontal requires a stateless architecture to operate properly. diff --git a/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/CloudFront_Architecture.md b/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/CloudFront_Architecture.md index b08ae6a..09281a4 100644 --- a/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/CloudFront_Architecture.md +++ b/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/CloudFront_Architecture.md @@ -9,11 +9,11 @@ * ACM has to be provisioned in US-East-1 for global services like CloudFront. * Cannot use self signed certificates. * Questions involving Adobe Flash Media Server RTMP require S3 and RTMP distribution type. - * Can be integrated with WAF + * Can be integrated with WAF. * Older browsers? Dedicated IP address for each edge location. * Can specify restrict view access. * Per-behavior setting. * Can create origin failover by creating an origin group with two origins: - * One acts as the primary origin + * One acts as the primary origin. * The other origin acts as the secondary which CloudFront will switch to in the case of the primary failing. * CloudFront is for downloads only. Any uploads go directly to the origin. diff --git a/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/CloudFront_Security.md b/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/CloudFront_Security.md index 8d62134..d70f636 100644 
--- a/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/CloudFront_Security.md +++ b/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/CloudFront_Security.md @@ -12,7 +12,7 @@ * **Exam Tips:** * **SSL:** - * Supported by default + * Supported by default. * Using CNAME: * Verify ownership (optionally HTTPS) using a matching cert. * Can use with ACM, but the cert must be requested for the US East (N. Virginia) region. 
@@ -50,25 +50,25 @@ * Can be use to restrict based on almost anything (licensing, user login status, user profile fields and much more) * Anything beyond the country. * **Origin Access Identity (OAI):** - * An OAI is a type of identity - * Can be associated with CloudFront Distributions - * CloudFront 'becomes' that OAI - * That OAI can be used in S3 bucket policies + * An OAI is a type of identity. + * Can be associated with CloudFront Distributions. + * CloudFront 'becomes' that OAI. + * That OAI can be used in S3 bucket policies. * Deny all but one or more OAIs. * **Private Distributions:** - * Public - open access to objects - * Private - requests require signed cookie or URL + * Public - open access to objects. + * Private - requests require signed cookie or URL. * 1 behavior - Whole distribution public or private. - * Multiple behaviors - each is public or private - * A CloudFront Key is created by an account root user + * Multiple behaviors - each is public or private. + * A CloudFront Key is created by an account root user. * That account is added as a trusted signer. * Signed URLs: - * URL provides access to one object - * Legacy RTMP distributions an't use cookies - * User URLs if your client doesn't support coolies - * Cookie provides access to groups of objects - * User for groups of files/all files of a type - * Or it maintaining URLs is important + * URL provides access to one object. + * Legacy RTMP distributions can't use cookies. + * Use URLs if your client doesn't support cookies. + * Cookie provides access to groups of objects. + * Use for groups of files/all files of a type. + * Or if maintaining URLs is important. Example bucket policy using OAI diff --git a/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/Creating_and_Working_with_Distributions.md b/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/Creating_and_Working_with_Distributions.md index 74e03ed..9cd9632 100644 
--- a/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/Creating_and_Working_with_Distributions.md +++ b/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/Creating_and_Working_with_Distributions.md @@ -12,10 +12,10 @@ * ACM has to be provisioned in US-East-1 for global services like CloudFront. * Cannot use self signed certificates. * **Behaviors:** - * Price class - * AWS WAF web ACL - * Alternate Domain Names (CNAMEs) - * Custom domain name = custom cert + * Price class. + * AWS WAF web ACL. + * Alternate Domain Names (CNAMEs). + * Custom domain name = custom cert. * Viewer protocol policy: * HTTP and HTTPS or mixture of both or one or the other. * Caching controls. diff --git a/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/Optimizing_Caching.md b/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/Optimizing_Caching.md index 67f9b43..670ff7e 100644 --- a/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/Optimizing_Caching.md +++ b/docs/6_Scaling_and_Resilience/6b_CloudFront_Essentials/Optimizing_Caching.md @@ -6,12 +6,12 @@ * [Configuring caching](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ConfiguringCaching.html) * **Exam Tips:** - * Cache Hit = Matching object, delivered from cache + * Cache Hit = Matching object, delivered from cache. * Cache Miss = Matching object not cached. - * Maximize the cache hit ratio + * Maximize the cache hit ratio. * ACM has to be provisioned in US-East-1 for global services like CloudFront. - * Forward what the application needs - * Cache based on what can change the objects + * Forward what the application needs. + * Cache based on what can change the objects.S * The more things are involved in caching the less efficient. * Cannot use self signed certificates. * Can change caching behavior based on: 
diff --git a/docs/6_Scaling_and_Resilience/6c_Route53/Advanced_Route53_Concepts.md b/docs/6_Scaling_and_Resilience/6c_Route53/Advanced_Route53_Concepts.md index fdfc3a2..37ba764 100644 --- a/docs/6_Scaling_and_Resilience/6c_Route53/Advanced_Route53_Concepts.md +++ b/docs/6_Scaling_and_Resilience/6c_Route53/Advanced_Route53_Concepts.md @@ -11,7 +11,7 @@ * **Exam Tips:** * VPC interfaces (ENIs) - Accessible over VPN or DX. * Inbound Endpoints: - * on-prem can forward to R53 resolver + * on-prem can forward to R53 resolver. * Outbound Endpoints: * conditional forwarding of requests from R53 to on-prem. * Rules control what requests are forwarded. diff --git a/docs/7_Storage/7a_S3/S3_Controlling_Access.md b/docs/7_Storage/7a_S3/S3_Controlling_Access.md index 6668386..27942a1 100644 --- a/docs/7_Storage/7a_S3/S3_Controlling_Access.md +++ b/docs/7_Storage/7a_S3/S3_Controlling_Access.md @@ -7,7 +7,7 @@ * [Uploading Objects Using Presigned URLs](https://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObject.html) * **Exam Tips:** - * Private by default + * Private by default. * Tags and resource policies can work together to grant extensive permissions. * Questions about object specific permissions and access via a URL, define an object level ACL. * **Pre-Signed URLs:** diff --git a/docs/7_Storage/7a_S3/S3_Cross-Region_Replication.md b/docs/7_Storage/7a_S3/S3_Cross-Region_Replication.md index 59081c8..868d74e 100644 --- a/docs/7_Storage/7a_S3/S3_Cross-Region_Replication.md +++ b/docs/7_Storage/7a_S3/S3_Cross-Region_Replication.md @@ -3,7 +3,7 @@ * [Return to table of contents](../../../README.md) * **Exam Tips:** - * Default is to replicated un-encrypted. + * Default is to replicate un-encrypted. * Supports SS3-S3 by default and SSE-KMS. * Does not support customer created keys. * Storage class and object ownerships are replicated, but not lifecycle policies. 
diff --git a/docs/7_Storage/7a_S3/S3_Object_Encryption.md b/docs/7_Storage/7a_S3/S3_Object_Encryption.md index 6c348eb..e34a773 100644 --- a/docs/7_Storage/7a_S3/S3_Object_Encryption.md +++ b/docs/7_Storage/7a_S3/S3_Object_Encryption.md @@ -5,14 +5,14 @@ * **Exam Tips:** * **Server-side Encryption (SSE):** * **Customer-Provided Keys (SSE-C):** - * You are completly responsible for managing these keys. + * You are completely responsible for managing these keys. * **S3-Managed Keys (SSE-S3):** * AWS managed key. - * Master key is regulary rotated. + * Master key is regularly rotated. * The default encryption key. * **KMS-Managed Keys (SSE-KMS):** * Allows a role split. - * Can give separate set of permissions between KMS and S3 + * Can give separate set of permissions between KMS and S3. * Allows for some more control over the master key. * You are not encrypting a bucket, you are encrypting the objects! * The default encryption setting defines what default encryption policy will be used if an encryption type is not defined. diff --git a/docs/7_Storage/7a_S3/S3_Optimizing_Performance.md b/docs/7_Storage/7a_S3/S3_Optimizing_Performance.md index 1cb3765..dcfbb7d 100644 --- a/docs/7_Storage/7a_S3/S3_Optimizing_Performance.md +++ b/docs/7_Storage/7a_S3/S3_Optimizing_Performance.md 
@@ -19,8 +19,8 @@ \* Multithreading helps maximize the bandwidth used to upload and decreases the impact to the network by reducing the size of the restart domains, it breaks the upload into smaller parts. It is akin to windowing. - * **Partitions and Object Naming:** - * Remember, no true folders. - * S3 allows a mix of 3500 write TPS and 5500 read TPS per partition - * If you don't need to achieve these results, don't worry about object naming in the bucket. - * Prefixes determine the partitioning of objects in a bucket. +* **Partitions and Object Naming:** + * Remember, no true folders. + * S3 allows a mix of 3500 write TPS and 5500 read TPS per partition. + * If you don't need to achieve these results, don't worry about object naming in the bucket. + * Prefixes determine the partitioning of objects in a bucket. diff --git a/docs/7_Storage/7a_S3/S3_Storage_Tiers_Intelligent-Tiering_Lifecycle_Policies.md b/docs/7_Storage/7a_S3/S3_Storage_Tiers_Intelligent-Tiering_Lifecycle_Policies.md index 48bf6d1..3b4da34 100644 --- a/docs/7_Storage/7a_S3/S3_Storage_Tiers_Intelligent-Tiering_Lifecycle_Policies.md +++ b/docs/7_Storage/7a_S3/S3_Storage_Tiers_Intelligent-Tiering_Lifecycle_Policies.md 
@@ -7,26 +7,26 @@ * **Exam Tips:** * Every object must have an associated storage class (tier). - * All share 11 nine durability. + * All share 11 nines durability. * **S3 Storage Tiers:** * **S3 Standard:** * General objects. * This is the default storage class. - * A target of 99.99% availability over the year (The availability SLA is 99.9%). + * A target of 99.99% availability over the year (The availability SLA is 99.9%). * Replication to at least 3 AZs. * First-byte latency of a millisecond(s). * **Infrequent Access S3-IA:** * For infrequent access to important objects that require quick retrieval. - * A target of 99.9% availability over the year (The availability SLA is 99%). + * A target of 99.9% availability over the year (The availability SLA is 99%). * Replication to at least 3 AZs. * Less expensive than Standard. - * Minimum storage charge of 30 days per object, plus a minimum storage charge of 128 KB, and a retrieval fee. + * Minimum storage charge of 30 days per object, plus a minimum storage charge of 128 KB, and a retrieval fee. * First-byte latency of a millisecond(s). * **S3 One Zone-IA:** * Used for non-critical, reproducible. - * A target of 99.5% availability over the year (The availability SLA is 99%). + * A target of 99.5% availability over the year (The availability SLA is 99%). * _Only 1 AZ replication_ - * Minimum storage charge of 30 days per object, plus a minimum storage charge of 128 KB, and a retrieval fee. + * Minimum storage charge of 30 days per object, plus a minimum storage charge of 128 KB, and a retrieval fee. * Less expensive than Standard and S3-IA * **S3 Intelligent-Tiering:** * Designed for unknown or unpredictable access patterns. 
@@ -48,7 +48,7 @@ * A minimum of 180 days charge per object, 40 KB minimum storage charge, and a retrieval fee. * **Lifecycle Policies:** * Rules are at a bucket level. - * Can configure move between tiers or expire the object.. + * Can configure move between tiers or expire the object. * Can be used to move objects into Glacier for archiving. * Some movement is one way (cannot move from Glacier back to Standard.) \ No newline at end of file diff --git a/docs/7_Storage/7a_S3/S3_Versioning_and_Locking.md b/docs/7_Storage/7a_S3/S3_Versioning_and_Locking.md index bb0b5e6..3216fa1 100644 --- a/docs/7_Storage/7a_S3/S3_Versioning_and_Locking.md +++ b/docs/7_Storage/7a_S3/S3_Versioning_and_Locking.md @@ -5,7 +5,7 @@ * **Exam Tips:** * **Versioning:** * Cannot disable versioning, can only suspend. - * Unique ID per object, and with versioning a new unique ID is added for object per each new version. + * Unique ID per object, and with versioning a new unique ID is added for object per each new version. * If an object is deleted when versioning is enabled, it adds a delete marker, but does not delete the object itself or versions of the object. * Can delete the delete marker to see the object again in the console and cli. * Be aware that versioning exists and that you can refer to previous versions. diff --git a/docs/7_Storage/7c_FSx/FSx_Architecture.md b/docs/7_Storage/7c_FSx/FSx_Architecture.md index 5b77894..22601c3 100644 --- a/docs/7_Storage/7c_FSx/FSx_Architecture.md +++ b/docs/7_Storage/7c_FSx/FSx_Architecture.md @@ -12,4 +12,4 @@ * By default not highly available. * Provides either SMB or Lustre. * Look for VSS, SMB, DFS = fSX windows - * Windows permission model + * Windows permission model. diff --git a/docs/7_Storage/7c_FSx/FSx_Lustre.md b/docs/7_Storage/7c_FSx/FSx_Lustre.md index 86e4b9c..2a0989e 100644 --- a/docs/7_Storage/7c_FSx/FSx_Lustre.md +++ b/docs/7_Storage/7c_FSx/FSx_Lustre.md 
@@ -10,15 +10,15 @@ * HPC, ML, Big Data = Lustre * Metadata stored on Metadata Targets (MST) * Objects are stored on object storage targets (OSTs) (1.17TiB) - * Baseline performance based on size - * Size - min 1.2TiB then increments of 2.4TiB - * For Scratch - Base 200 MB/s per TiB of storage - * Persistent offers of 50 MB/s, 100 MB/s, and 200 MB/s per TIB of storage + * Baseline performance based on size. + * Size - min 1.2TiB then increments of 2.4TiB. + * For Scratch - Base 200 MB/s per TiB of storage. + * Persistent offers of 50 MB/s, 100 MB/s, and 200 MB/s per TIB of storage. * Burst up to 1300 MB/s per TiB (Credit System). * **Deployment Types:** * Scratch: * Pure performance - * Short term of temp workloads + * Short term of temp workloads. * No HA * No Replication * Persistent: diff --git a/docs/7_Storage/7d_Storage_Gateway/File_vs_Volume_vs_Tape_Gateways.md b/docs/7_Storage/7d_Storage_Gateway/File_vs_Volume_vs_Tape_Gateways.md index 0359191..5bf6b26 100644 --- a/docs/7_Storage/7d_Storage_Gateway/File_vs_Volume_vs_Tape_Gateways.md +++ b/docs/7_Storage/7d_Storage_Gateway/File_vs_Volume_vs_Tape_Gateways.md 
@@ -10,24 +10,24 @@ * **Exam Tips:** * **Volume Gateway:** * **Stored Volumes:** - * Raw, block storage via iSCSI - * Stored locally - * Great for full disk **backups** of servers - * Assist with disaster recovery - * Does not improve datacenter capacity - * Main copy of data is stored on the gateway + * Raw, block storage via iSCSI. + * Stored locally. + * Great for full disk **backups** of. + * Assist with disaster recovery. + * Does not improve datacenter capacity. + * Main copy of data is stored on the gateway. * **Cached Volumes:** - * Raw, block storage via iSCSI + * Raw, block storage via iSCSI. * Primary location is now S3, with frequently access data cached locally. * AWS managed S3, cannot browse to the bucket. * Data center extension. * **Tape Gateway:** * VTL * **File Gateway:** - * Bridges on-premises file storage and S3 - * Mount points available via NFS or SMB - * Map directly on an S3 bucket - * Files stored into a mount point, are visible as objects in an S3 Bucket + * Bridges on-premises file storage and S3. + * Mount points available via NFS or SMB. + * Map directly on an S3 bucket. + * Files stored into a mount point, are visible as objects in an S3 Bucket. * Read and write caching ensure LAN-like performance. * Primary data stored in S3. * Up to 10 shares. diff --git a/docs/8_Databases/8a_DB_Introduction/DB_Models_Engines.md b/docs/8_Databases/8a_DB_Introduction/DB_Models_Engines.md index abbbd52..bd55d4f 100644 --- a/docs/8_Databases/8a_DB_Introduction/DB_Models_Engines.md +++ b/docs/8_Databases/8a_DB_Introduction/DB_Models_Engines.md @@ -18,7 +18,7 @@ * **NoSQL:** * **Key Value:** * No structure. - * DynamoDB. + * DynamoDB * Redis * Super fast queries and great scalability. * Great for WebApps @@ -31,7 +31,7 @@ * Data warehouses * Analytics * Reporting - * Think Redshift. + * Think Redshift * Not used for transactions! * **Graph DB:** * Designed for dynamic relationships 
diff --git a/docs/8_Databases/8b_SQL/Athena.md b/docs/8_Databases/8b_SQL/Athena.md index 41ae5dc..0aed032 100644 --- a/docs/8_Databases/8b_SQL/Athena.md +++ b/docs/8_Databases/8b_SQL/Athena.md @@ -24,7 +24,7 @@ * Use cases: * Queries where loading/transformation isn't desired. * Occasional / Ad-hoc queries on data in S3. - * Serverless querying scenarios - cost conscious + * Serverless querying scenarios - cost conscious. * Querying AWS logs - VPC flow logs, CloudTrail, ELB logs, cost reports. * AWS Glue Data Catalog and web server logs. * Using Athena Federated Query you can use other data sources. diff --git a/docs/8_Databases/8b_SQL/Aurora.md b/docs/8_Databases/8b_SQL/Aurora.md index 7944631..477aed2 100644 --- a/docs/8_Databases/8b_SQL/Aurora.md +++ b/docs/8_Databases/8b_SQL/Aurora.md @@ -13,7 +13,7 @@ * Used to allow in-place rewinds to a previous point in time. * Restores create a new cluster. * Fast clones make a new database much faster than copying all the data - copy-on-write. - * A single primary instance + 0 or more replicas + * A single primary instance + 0 or more replicas. * Custom designed by AWS: * MySQL and PostgreSQL compatibility * 5x performance of MySQL diff --git a/docs/8_Databases/8b_SQL/RDS.md b/docs/8_Databases/8b_SQL/RDS.md index 9c85bdd..80c5c5e 100644 --- a/docs/8_Databases/8b_SQL/RDS.md +++ b/docs/8_Databases/8b_SQL/RDS.md @@ -17,7 +17,7 @@ * **Automatic backups:** * For true Point-in-Time recovery. * It is done using transaction logs in automatic backups. - * Snapshots + * Snapshots. * **Replication:** * Replication is between master (primary) and slave (standby) node. * Failure of primary and standby AZs would impact service. diff --git a/docs/8_Databases/8b_SQL/RDS_Backups.md b/docs/8_Databases/8b_SQL/RDS_Backups.md index 73d9db8..eacedbf 100644 --- a/docs/8_Databases/8b_SQL/RDS_Backups.md +++ b/docs/8_Databases/8b_SQL/RDS_Backups.md 
@@ -5,7 +5,7 @@ * **Exam Tips:** * First snapshot is full. * Following snaps are incremental. - * Automatic backups + * Automatic backups: * 5 minute transaction logs. * Can set retention period between 0 - 35 days. * Saved in AWS managed S3. diff --git a/docs/8_Databases/8c_NoSQL/DynamoDB_Architecture.md b/docs/8_Databases/8c_NoSQL/DynamoDB_Architecture.md index 5d05a93..4f25703 100644 --- a/docs/8_Databases/8c_NoSQL/DynamoDB_Architecture.md +++ b/docs/8_Databases/8c_NoSQL/DynamoDB_Architecture.md @@ -30,7 +30,7 @@ * Query can only ever query a single partition key. * A scan can check ranges. * **Table:** - * A table is a grouping of items with the same primary key + * A table is a grouping of items with the same primary key. * Simple (partition) or composite (partition and sort) primary key. * Each item must have a unique value for PK (primary key) and SK (sort key). * Can have none, all, mixture or different attributes (DDB has no rigid attribute schema). diff --git a/docs/8_Databases/8c_NoSQL/DynamoDB_Indexes.md b/docs/8_Databases/8c_NoSQL/DynamoDB_Indexes.md index 6b3721d..9472270 100644 --- a/docs/8_Databases/8c_NoSQL/DynamoDB_Indexes.md +++ b/docs/8_Databases/8c_NoSQL/DynamoDB_Indexes.md @@ -3,7 +3,7 @@ * [Return to table of contents](../../../README.md) * **Exam Tips:** - * Indexes are alternative views on table data + * Indexes are alternative views on table data. * Different SK (Local Secondary Indexes) or different PK and SK (Global Secondary Indexes). * Some or all attributes (projection). * **Local Secondary Indexes (LSI):** diff --git a/docs/8_Databases/8c_NoSQL/DynamoDB_Performance.md b/docs/8_Databases/8c_NoSQL/DynamoDB_Performance.md index b20f60b..c808fa9 100644 --- a/docs/8_Databases/8c_NoSQL/DynamoDB_Performance.md +++ b/docs/8_Databases/8c_NoSQL/DynamoDB_Performance.md 
@@ -9,12 +9,12 @@ * **Provisioned Model:** * RCU and WCU set on a per table instance. * Every operation consumes at least 1 RCU/WCU(*) - * 1 RCU is 1 x 4KB read operation per second. - * 1 WCU is 1 x 1KB write operation per second. - * Every table has a RCU and WCU burst pool (300 seconds) + * 1 RCU is 1 x 4KB read operation per second. + * 1 WCU is 1 x 1KB write operation per second. + * Every table has a RCU and WCU burst pool (300 seconds). * **Operations:** * **Query:** - * Most efficient operation in DynamoDB + * Most efficient operation in DynamoDB. * Query accepts a single PK value and optionally a SK or range. * Capacity consumed is the size of all returned items. Further filtering discards data - capacity is still consumed. * Can only query on a PK or PK and SK. diff --git a/docs/8_Databases/8c_NoSQL/Neptune.md b/docs/8_Databases/8c_NoSQL/Neptune.md index 6b66fd3..83bca86 100644 --- a/docs/8_Databases/8c_NoSQL/Neptune.md +++ b/docs/8_Databases/8c_NoSQL/Neptune.md @@ -12,4 +12,4 @@ * Fraud prevention = Neptune. * Recommendation engines = Neptune. * Network and IT Operations = Neptune. - * Biology and other life sciences = Neptune. \ No newline at end of file + * Biology and other life sciences = Neptune. diff --git a/docs/9_Analytics_IoT_Streaming/9a_EMR/EMR.md b/docs/9_Analytics_IoT_Streaming/9a_EMR/EMR.md index 72b35c5..7f602eb 100644 --- a/docs/9_Analytics_IoT_Streaming/9a_EMR/EMR.md +++ b/docs/9_Analytics_IoT_Streaming/9a_EMR/EMR.md @@ -34,7 +34,7 @@ * Run task trackers and can run mapping and reduce tasks in the cluster. * Task nodes are optional: * They have no HDFS involvement. - * They don't rune task trackers (core), only run tasks. + * They don't run task trackers (core), only run tasks. * Ideal for SPOT based scaling. * **EMR Cost and Performance Optimization:** * **Performance:** diff --git a/docs/9_Analytics_IoT_Streaming/9g_Batch/Batch_Essentials.md b/docs/9_Analytics_IoT_Streaming/9g_Batch/Batch_Essentials.md index 4b487d5..9c80145 100644 
--- a/docs/9_Analytics_IoT_Streaming/9g_Batch/Batch_Essentials.md +++ b/docs/9_Analytics_IoT_Streaming/9g_Batch/Batch_Essentials.md @@ -11,7 +11,7 @@ * **Job:** * Script, executable or Docker container submitted to Batch. * The thing to run. - * Can be dependant on other jobs + * Can be dependant on other jobs. * **Job definition:** * Metadata for a job. * Including permissions (IAM), resource config, mount points. @@ -20,14 +20,15 @@ * Queues are associated with 1+ compute environments. * Compute environment - managed or unmanaged compute * Where you configure instance type/size, vCPU amount, spot price. - * Or define another compute environment used in ECS + * Or define another compute environment used in ECS. * **Batch vs Lambda:** * **Lambda:** * 15 minute execution time limit. * Limited disk space in the environment. * EFS access fixes this but means VPC lambda. * Fully serverless but limited runtime selection. - * Batch:*** Not serverless, it uses docker, allowing any runtime. + * **Batch:** + * Not serverless, it uses docker, allowing any runtime. * No time limit or effective resource limit. * **Managed vs Unmanaged:** * **Managed:**
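Review bot: in the first hunk shown here (@@ -28,7 +28,7 @@, the HTTP status code list), the 429 context line directly above the edited 502 line still reads "You've exceeded your that amount", which is not a sentence. A punctuation and spelling pass should settle it to one wording, for example "You've exceeded that amount". "API gateway" on the same line could also be capitalized the way this hunk capitalizes "Lambda".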
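Review bot: in Deciding_between_Spot_Reserved_Instances.md (@@ -9,7 +9,7 @@), the added line "Don't used for variable." puts a full stop on a phrase that is still ungrammatical and incomplete. Change "used" to "use" and say what "variable" refers to, so the tip can be read on its own. The next line, "For cost savings", is left without the period that the rest of this patch adds.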
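Review bot: in S3_Cross-Region_Replication.md (@@ -3,7 +3,7 @@), the context line right after the corrected one still says "Supports SS3-S3 by default and SSE-KMS". "SS3-S3" looks like a typo for "SSE-S3", which is how the S3_Object_Encryption.md hunk in this same patch spells it ("S3-Managed Keys (SSE-S3)"). Since it names an encryption mode, it is worth fixing in this pass.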
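Review bot: in Optimizing_Caching.md (@@ -6,12 +6,12 @@), the added line "Cache based on what can change the objects.S" ends with a stray capital "S" after the period. It looks like an editor keystroke that was committed by accident; drop it so the line ends at "objects.".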
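Review bot: in CloudFront_Security.md (@@ -50,25 +50,25 @@), the first context line, "Can be use to restrict based on almost anything (licensing, user login status, user profile fields and much more)", keeps "be use" and has no closing period, although every bullet below it is corrected. Suggest "Can be used to restrict ..." with a trailing period so the section is consistent after this patch.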
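Review bot: in S3_Optimizing_Performance.md (@@ -19,8 +19,8 @@), the "Partitions and Object Naming" block changes from "- * **Partitions and Object Naming:**" to "+* **Partitions and Object Naming:**", so this hunk changes list indentation and not only punctuation. That moves the block to a different nesting level in the rendered page. Please confirm the new level is intended and mention it in the commit message, which currently says only "Fixed punctuation, spelling".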
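Review bot: in S3_Storage_Tiers_Intelligent-Tiering_Lifecycle_Policies.md (@@ -7,26 +7,26 @@), five of the six changed pairs read the same before and after as shown here: the three "A target of ... availability over the year" lines and the two "Minimum storage charge of 30 days per object" lines. If these are whitespace or invisible-character fixes, say so in the commit message so a reviewer can tell them apart from the one visible change, "11 nine" to "11 nines". "Less expensive than Standard and S3-IA" is also still missing its period.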
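Review bot: in S3_Storage_Tiers_Intelligent-Tiering_Lifecycle_Policies.md (@@ -48,7 +48,7 @@), the file still ends with "\ No newline at end of file", while the Neptune.md hunk in this patch adds the missing trailing newline. Apply the same fix here. The last bullet also ends "(cannot move from Glacier back to Standard.)" with the period inside the parenthesis, where the other hunks place it after.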
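Review bot: in FSx_Lustre.md (@@ -10,15 +10,15 @@), the added line "Persistent offers of 50 MB/s, 100 MB/s, and 200 MB/s per TIB of storage." keeps "TIB" while every other line in the hunk writes "TiB". Use "TiB" throughout, since the unit is part of the stated figure. "Short term of temp workloads." also reads like "of" should be "or"; please check it against the intended meaning before adding the period.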
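Review bot: in File_vs_Volume_vs_Tape_Gateways.md (@@ -10,24 +10,24 @@), the Stored Volumes bullet changes from "Great for full disk **backups** of servers" to "Great for full disk **backups** of.", which drops the word "servers" and leaves the sentence unfinished. Restore it as "Great for full disk **backups** of servers.".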
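Review bot: in DB_Models_Engines.md (@@ -18,7 +18,7 @@ and @@ -31,7 +31,7 @@), the periods are removed from "DynamoDB." and "Think Redshift.", the opposite of what the rest of the patch does for single-item bullets. Pick one rule for short bullets and apply it across the files. If the intent is that bare product names take no period, note that in the commit message.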
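Review bot: in Batch_Essentials.md (@@ -11,7 +11,7 @@), the added line "Can be dependant on other jobs." gains a period but keeps "dependant". The adjective is spelled "dependent", so change it here, given that this is the spelling pass.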
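Review bot: in Batch_Essentials.md (@@ -20,14 +20,15 @@), splitting "Batch:*** Not serverless" into a "**Batch:**" heading with its own bullet is a good fix, but capitalization in the hunk is still uneven. The context line "EFS access fixes this but means VPC lambda." keeps lowercase "lambda" although this patch capitalizes it in ELB.md and in the 502 line. The new bullet likewise writes "docker" where the Job bullet in the same file writes "Docker container".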