08 - How to Encrypt an EBS Volume Attached to EC2 Lab Flashcards

1
Q

EBS Volume

A
  • EC2 Instances and EBS Volumes must be in the same Availability Zone
  • You can modify all volume attributes, except for Magnetic Storage Drives
  • To move EBS volumes from one AZ to another AZ you need to create a snapshot
    • You can copy the snapshot to the alternate AZ
    • Then you create an image based off the snapshot
2
Q

Encryption Restrictions

A
  • Volumes that are created from encrypted snapshots are automatically encrypted
  • Volumes that are created from unencrypted snapshots are automatically unencrypted.
  • If no snapshot is selected, you can choose to encrypt the volume.
3
Q

Encrypting Root Volume

A
  • You can encrypt the root volume (the volume the OS is installed on) when using operating system encryption
  • You can encrypt the root volume by first taking a snapshot of that volume, and then creating a copy with encryption enabled
  • You can make an AMI of this snapshot and deploy the encrypted root device volume
  • You can encrypt additional attached volumes using the console, CLI, or API
4
Q

Volumes - Summary

A

Volumes:

  • Volumes exist on EBS
  • Volumes are Virtual Hard Disks
  • Volumes must always be in the same availability zone as the EC2 instance
  • Volume sizes can be adjusted on the fly, including changing the size and storage type
  • To move an EC2 volume from one availability zone / region to another, take a snapshot or an image of it, then copy it to the new AZ / Region
5
Q

Snapshot - Summary

A

Snapshots

  • Snapshots exist on S3
  • Snapshots are point-in-time copies of volumes
  • Snapshots are incremental (first snapshot takes longer) - this means only the blocks that have changed since your last snapshot are moved to S3
6
Q

Snapshot of Root Device Volumes

A

Snapshot of Root Device Volumes

  • To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot
  • However, you can take a snapshot while an instance is running
7
Q

AMIs

A

AMIs

  • You can create AMIs from both Volumes and Snapshots
8
Q

Security

A

Security

  • Snapshots of encrypted volumes are encrypted automatically
  • Volumes restored from encrypted snapshots are encrypted automatically
  • You can share snapshots with other people, but only if they are unencrypted
    • These snapshots can be shared with other AWS accounts, or made public
9
Q

EFS

A

EFS

  • Centralized file storage
  • User-level & directory level privileges
  • Perfect file storage, allows multiple EC2 instances to connect
  • Access Behavior
    • Read after write consistency
    • EFS can be mounted simultaneously by multiple EC2 instances
    • Data on EFS can be accessed by multiple EC2 instances at once
    • EFS can support thousands of concurrent NFS connections

Storage

  • Storage capacity is elastic (growing and shrinking automatically)
  • Is block-based storage (NOT object-based, not S3)
  • Only pay for the storage you use (no pre-provisioning required) (EBS requires you to create and attach the volume before it can be used)
  • Data stored across multiple AZs in a Region

Security

  • EFS instances must share the same security group as the EC2 instances that are accessing it