
Certification taken

AWS Solution Architect Associate

  • CLI -> create access key
  • Role -> trusted entity can be AWS Service, AWS Account, Web Identity or SAML 2.0 federation
  • Security Tools
    • IAM Credential Reports (all users, their various credentials and when each was last used)
    • IAM Access Advisor (which services a user accessed or not, and the permissions granted)
  • Guidelines
    • Don't use the root account except to create the account
    • One physical user = one IAM user
    • Assign users to groups and assign permissions to the group
    • Create a strong password policy
    • Enforce MFA - virtual, universal 2nd factor (U2F) key or hardware fob
    • Create and use roles for giving permissions to AWS services
    • Use access keys for programmatic access (CLI, SDK)
    • Audit account permissions using IAM Credential Reports
    • Never share IAM users or access keys
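An added example (not from the original notes) of the "audit with IAM Credential Reports" guideline: it parses the CSV that `aws iam get-credential-report` returns and flags root access keys, missing MFA, and stale or unrotated keys. The report rows here are constructed, and the fixed "now" date and 90-day threshold are assumptions for the example.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample: real credential-report column names, made-up rows (root, alice, bob).
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T10:00:00+00:00,not_supported,not_supported,false,true,2020-01-01T00:00:00+00:00,2024-04-01T00:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2023-01-01T00:00:00+00:00,true,2024-05-20T10:00:00+00:00,2024-01-01T00:00:00+00:00,2024-04-01T00:00:00+00:00,true,true,2024-04-01T00:00:00+00:00,2024-05-19T00:00:00+00:00,us-east-1,ec2,false,N/A,N/A,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2022-01-01T00:00:00+00:00,true,2023-01-15T10:00:00+00:00,2022-01-01T00:00:00+00:00,2022-04-01T00:00:00+00:00,false,true,2022-01-01T00:00:00+00:00,2023-02-01T00:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A
"""
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "now" so findings are reproducible (assumption)

def parse_ts(value):
    """Report timestamps are ISO 8601; N/A, not_supported and no_information become None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def audit_credential_report(report_csv, now=NOW, stale_days=90):
    """Return {user: [issues]}: root with access keys or without MFA, console users
    without MFA, and active access keys unused or unrotated for more than stale_days."""
    stale = timedelta(days=stale_days)
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        issues = []
        user = row["user"]
        if user == "<root_account>":
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                issues.append("root has an active access key")
            if row["mfa_active"] != "true":
                issues.append("root has no MFA")
        elif row["password_enabled"] == "true" and row["mfa_active"] != "true":
            issues.append("console user without MFA")
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue  # inactive or absent key: nothing to rotate or use
            last_used = parse_ts(row[f"access_key_{n}_last_used_date"])
            rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
            if last_used is None or now - last_used > stale:
                issues.append(f"access key {n} unused for >{stale_days} days")
            if rotated is not None and now - rotated > stale:
                issues.append(f"access key {n} not rotated for >{stale_days} days")
        if issues:
            findings[user] = issues
    return findings
```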
  • IAM Roles & IAM Policies (JSON). Effect is Allow or Deny; Resource can be replaced by NotResource. Example (an Action is added so the statement is complete):
    {
        "Version": "2012-10-17",
        "Id": "s3-access",
        "Statement": [
            {
                "Sid": "10202",
                "Effect": "Allow",
                "Principal": {
                    "AWS": ["arn:aws:..."],
                    "CanonicalUser": "123",
                    "Federated": []
                },
                "Action": "s3:ListBucket",
                "Resource": "arn:aws:s3:::mybucket"
            }
        ]
    }
  • EC2 purchasing options (an instance can also have an instance store):
    • On-Demand
    • Reserved Instances & Convertible Reserved Instances
    • Savings Plans - commit to a minimum usage, instance type is convertible, charged even when not used (used to be Capacity Reservation)
    • Spot Instances
    • Dedicated Hosts
    • Dedicated Instances
  • A Spot Instance request can only be cancelled while it is Open, Active or Disabled
  • Spot can include instance types such as x5 and c5 too
  • Spot Fleet - set of Spot Instances + optional On-Demand instances
    • Lowest Price
    • Diversified
    • Capacity Optimized
    • Price Capacity Optimized
  • Elastic IP -> 1 public IP, max 5
  • Elastic Network Interface (ENI) -> 1 private IP, bound to one AZ, has a MAC address
  • Placement groups:
    • Cluster - same AZ
    • Spread - different regions or AZs, max 7 instances per AZ
    • Partition - up to 7 partitions; partitions do not share racks and can be in the same AZ or not
  • Hibernate - only if the EBS root volume is encrypted; saves the RAM state. Only storage is charged.
  • Instance Store - ephemeral, physically attached, very high IOPS, emptied when the instance stops.
  • Root volumes are deleted on terminate by default.
  • EBS is a network drive.
  • To move a volume to a new AZ, use a snapshot.
  • To hibernate on instance stop, encryption is required; the RAM contents are written to EBS.
  • Snapshot Archive is cheaper (72%) but takes 24-72 hours to restore.
  • Recycle Bin - 1 day to 1 year retention.
  • Fast Snapshot Restore - $$$$
  • Types:
    only gp (General Purpose SSD) & io (Provisioned IOPS SSD) can be used as a root volume
    • gp3 - IOPS can be increased to 16k, throughput to 1000 MB/s
    • gp2 - 3 IOPS per GB, max 16k IOPS (reached at 5334 GB)
    • io1 - 4 GB-16 TB, max PIOPS 64k
    • io2 - max 256k IOPS at 1000:1 IOPS per GB, supports EBS Multi-Attach
    • st1 - 125 GB-16 TB HDD
    • sc1 - cold HDD for infrequent access, 250 IOPS
  • Multi-Attach is only within the same AZ, max 16 EC2 instances, and needs a cluster-aware file system (Linux)
  • Encryption:
    • Data is encrypted 1) at rest, 2) in snapshots and 3) in flight between instance and volume
    • To encrypt an unencrypted volume -> snapshot -> copy the snapshot with encryption -> create a new EBS volume from it
  • AMI - snapshot template of an instance, including its EBS storage.
  • Region-specific but can be copied across regions via console/command line.
  • EFS - $$$, about 3x the gp2 price
  • Encryption at rest using KMS.
  • Uses NFS v4.1 and Linux-based AMIs only.
  • Can be Multi-AZ or One Zone; One Zone is only for IA.
  • Can be accessed by Lambda, EC2 and SageMaker
  • Throughput:
    • Provisioned
    • Elastic
    • Bursting
  • Storage Tiers:
    • Standard
    • Infrequent Access (IA)
    • Archive
    • Lifecycle Policy - Standard to IA
  • ELB: allow traffic into EC2 from the load balancer's security group, not from IPs
  • Types:
    • Application Load Balancer - routes based on hostname, path, header or query string; adds X-Forwarded-For/Port/Proto; target group can be IPs, instances or Lambda.
    • Network Load Balancer - 1 EIP, TCP/UDP; an NLB can have an ALB as a target
    • Gateway Load Balancer - target group is a 3rd-party appliance; GENEVE protocol on port 6081.
  • Multi-AZ within one region
  • Accessed via DNS name, except the NLB which has a static IP
  • Can have health checks
  • Sticky Sessions
    • Only the GLB has no sticky sessions
    • AWSALB and AWSALBAPP cookies are for application-based stickiness
    • AWSALB and AWSALBTG cookies are for duration-based stickiness
  • Cross-Zone Load Balancing - when enabled, load is spread evenly across instances in all zones rather than per zone.
  • Server Name Indication (SNI) - lets multiple TLS certificates be served from one web server/ALB.
  • Connection Draining - lets EC2 finish in-flight requests before deregistration. Time-based; 0 disables it.
  • ASG Launch Template defines AMI, instance type, EBS volumes, security group, SSH key pair, IAM role, VPC and LB
  • Specify min, max and initial (desired) capacity
  • Can use CloudWatch alarms
  • Health checks can be EC2- or ELB-based; a failed health check terminates the EC2 instance.
  • Scaling strategies: Scheduled, Predictive (AI), Dynamic (resource-based); default cooldown is 30 seconds.
  • Integrates with CloudWatch (including custom metrics) to trigger alarms, and scaling can be configured to run off those alarms.
  • RDS storage auto scaling triggers if free storage < 10% for 5 minutes and 6 hours have passed since the last modification.
  • 1 master, multiple replicas
  • Supported engines: PostgreSQL, MySQL, MariaDB, Oracle, SQL Server, DB2, Aurora
  • Multi-AZ does not require a connection string change (only read replicas require one)
  • Replicas
    • Up to 15 read replicas
    • Free if in the same AZ
    • Sync replication for Multi-AZ
    • Async (eventually consistent) for same-AZ read replicas
  • Aurora
    • Automatically Multi-AZ & Multi-Region
    • Regional cluster with 1 writer endpoint and 1 reader endpoint
    • Writes need 4 copies up; reads need 3 copies up.
    • Machine learning via SageMaker and Comprehend
    • Can have custom endpoints (a reader endpoint) pointing at specific instances.
    • Can be serverless - Aurora fleet
    • Global Aurora - Cross-Region or Global DB (1 primary region, up to 5 secondary regions, up to 16 read replicas per region)
  • RDS Proxy - DB connection pool; must be private (VPC only)!
  • ElastiCache
    • Redis Auth - IAM, password token or SSL
    • Memcached - supports SASL-based authentication
    • Redis supports sorted sets with guaranteed ordering.
    • Patterns
      • Lazy Loading
      • Write Through (add/update DB)
      • Session Store (TTL)
  • RDS Custom - only Oracle and SQL Server; can SSH in to patch.
  • Security
    • Data encrypted at rest, but the KMS key must be defined on creation.
    • If the master is not encrypted, the replica cannot be either.
    • To encrypt an unencrypted DB, go the snapshot route
    • IAM authentication supported except Oracle and SQL Server, which allow SSH instead
    • Audit logs can be sent to CloudWatch
    • Security Groups control network access.
  • Automated backups every 5 mins (Aurora backups cannot be disabled)
  • Backup retention is 1 to 35 days.
  • Backup snapshots only restore to a new DB; only MySQL/Aurora support restore from S3 (Aurora uses Percona for it).
  • Cloning feature is only available for Aurora.
  • Route 53 Record Types:
    • A - maps hostname to IPv4
    • A (Alias) - like CNAME but with native health checks; can be set at the APEX but TTL cannot be set
    • AAAA - maps hostname to IPv6
    • CNAME - maps hostname to hostname
    • NS - name servers for the hosted zone
  • Routing Policies:
    • Weighted
    • Simple - multiple A values, one chosen at random
    • Latency - closest, but you must set the region yourself
    • Failover - one primary, one secondary
    • Geolocation - like latency but by specified country; a default record catches anything not matched.
    • Geoproximity - weighted by region (bias)
    • IP-based routing - uses CIDR blocks
    • Multivalue - like simple but with health checks
  • Health Checks
    • Calculated Health Check - up to 256 child checks combined with OR/AND; 30-second interval; healthy when 18% of checkers see 2xx or 3xx
    • Private Hosted Zone - health checks have to go through CloudWatch
  • Cannot route based on path
  • Unlike an ALB, it load-balances by region (DNS), and health checking depends on TTL
  • S3 bucket names are globally unique, but buckets are region-based
  • Naming: lowercase + numbers, only dashes (-) allowed; no -s3alias suffix and no --
  • Key consists of prefix (path) + object name
  • Max 5 MB per single upload; bigger uploads go via multipart
  • Security
    • User-based (IAM)
    • Resource-based - Bucket Policy / Object ACL / Bucket ACL
    • Can be encrypted
    • S3 Block Public Access takes precedence even over IAM and resource controls, so it has to be configured before a bucket policy can take effect
  • Supports hosting S3 as a static website
  • Versioning
    • When disabled, all objects have version = null. Important when turning versioning on and off.
    • Suspending versioning does not delete previous versions
    • Deleting with versioning on only adds a DELETE MARKER
    • Deleting a specific version of a file (show versions) is a permanent delete
  • Replication
    • Same-Region Replication
    • Cross-Region Replication
    • Only new objects are replicated, but S3 Batch Replication can do existing ones
    • Able to replicate DELETE MARKERS but it needs to be enabled. NOTE: deletions of a specific version are not replicated.
    • No chaining - bucket 1 TO bucket 2 TO bucket 3 is not supported
  • Storage classes:
    • Standard - > 3 zones
    • Infrequent Access
    • Intelligent Tiering
    • One Zone IA
    • Glacier Storage
      • Instant Retrieval - like IA, min 90 days
      • Flexible Retrieval - takes 1-5 min, 3-5 hours or 5-12 hours
      • Deep Archive - 12-48 hours
  • Possible to make the requester pay for S3.
  • S3 Lifecycle
    • Use Storage Class Analysis - a tool for Standard and Standard-IA whose report takes 24-48 hours
    • Move non-current versions, and can set permanent delete too.
    • Can delete incomplete multipart uploads
    • Rules can be scoped by tags.
    • Can add delete on expiry.
  • Events supported: EventBridge, Lambda Function, SQS, SNS
  • Transfer - Transfer Acceleration, multipart upload, S3 byte-range fetches, batch via S3 Select
  • S3 Storage Lens - analyze objects, discover anomalies, cost efficiency; split by:
    • Organization
    • Account
    • Region
    • Bucket
  • Encryption (the bucket policy is evaluated before encryption, so the encryption header can be checked):
    • SSE-KMS - cheaper for custom keys with a bucket key
    • DSSE-KMS - 2x faster
    • SSE-C - HTTPS with a customer key but still via KMS; uses the x-amz-server-side-encryption header
    • Client-side encryption
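An added example (not from the original notes) of using that evaluation order: a bucket policy that denies any PutObject whose x-amz-server-side-encryption header is not aws:kms, so plaintext or SSE-S3 uploads are refused before S3 ever stores them. EXAMPLE-BUCKET is a placeholder; StringNotEquals also matches when the header is absent, which is what makes unencrypted uploads fail.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyPutObjectWithoutSSEKMS",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption": "aws:kms"
        }
      }
    }
  ]
}
```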
  • Other features include:
    • CORS
    • MFA Delete
    • Access logs
    • Presigned URL - up to 12 hours; can even be used to delete or upload
    • Object Lock
      • Compliance (fixed)
      • Governance (some users can change it)
      • Retention Period (can be extended indefinitely)
      • Legal Hold (anyone with the s3:PutObjectLegalHold permission can change it)
    • Access Point: good for S3 Lambda functions
  • CloudFront: always in us-east-1
  • Underlies API Gateway
  • Can use geographic restrictions
  • To allow only CloudFront through to EC2, all edge location IPs need to be allowed
  • 3 price classes
    • All
    • Class 200 - everything except South America and Australia
    • Only US and Europe
  • Global Accelerator: uses anycast to the nearest edge
  • Has 1 static IP
  • Can do health checks
  • For Elastic IP, EC2, ALB and NLB

AWS Certified Cloud Practitioner

  • Spot Instances
  • On-Demand
  • Reserved Instances (1 yr / 3 yr)
  • Convertible Reserved Instances (only 1 Availability Zone)
  • Savings Plans (commit to minimum usage, like RI)
  • Dedicated Hosts (licensing)
Shared responsibility for Patch Management, Configuration Management and Awareness and Training
  • Business Perspective
  • People Perspective
  • Governance Perspective
  • Platform Perspective
  • Security and Operations Perspective
  • Rehosting
  • Replatforming
  • Retire
  • Repurchase
  • Refactoring and Retaining / Rearchitecting
Operational Excellence → Security → Reliability → Performance Efficiency → Cost Optimisation → Sustainability
  • Trade fixed expenses for variable expenses
  • Benefit from massive economies of scale
  • Stop guessing capacity
  • Increase speed & agility
  • Stop spending money running & maintaining data centers
  • Go global in minutes

Sun Java Certified

Old collection library without streaming/parallel capabilities (Java 1.2).

Functional Programming Principles in Scala

Syntactic sugar to use collections correctly without side effects.
Concept of val and const that prevents mutation, and using collections in a Haskell-like way.
Understanding programming paradigms, like higher-order functions and currying.
Using match and generics. Was not too strong on this.
Boost of confidence in writing good functions, and eased picking up both Kotlin and JavaScript.