3 - Compute Flashcards

1
Q

What are the models to hire EC2 instances?

A

On-demand: pay per second (Linux) or per hour (Windows)

Reserved instances

Spot instances: you place a bid price. If AWS terminates the instance, you don’t pay for the part-hour. If you terminate it, you pay for the full hour

2
Q

What are the options for reserved instances?

A

Can be 1 or 3 year terms with full, partial or no upfront payment.

Standard RI is a fixed instance type and platform provided continuously

Convertible RI allows the instance type and platform to be exchanged for another convertible RI of equal or greater price

Scheduled RI is for particular time windows (daily, weekly or monthly)

3
Q

How can EC2 instances use IAM?

A

Roles can be attached at launch or while they are running

4
Q

What are the available instance types?

A
F1 - FPGA
I3 - high-speed storage
G3 - graphics
H1 - high-disk throughput
T2 - low cost

D2 - dense storage
R4 - memory optimised

M5 - general purpose
C5 - compute optimised
P3 - GPU
X1 - extreme memory e.g. for SAP

Use the mnemonic “FIGHT DR McPX”

5
Q

How are EC2 instances monitored?

A

With instance checks and health checks

6
Q

In the context of EC2 instances, what are instance checks?

A

Instance checks are run every 5 minutes; additional charges apply for 1-minute monitoring

System status checks ensure the infrastructure is working by attempting to reach the hypervisor

Instance status checks ensure the instance is healthy by reaching the OS

7
Q

What are health checks?

A

Health checks monitor EC2 instance metrics to determine whether they are healthy.

The healthy and unhealthy thresholds are the number of consecutive checks that must be passed/failed before the instance is declared as unhealthy or healthy again

8
Q

What CloudWatch metrics are available?

A

The default metrics are CPU, disk operations, network and status checks.

A CloudWatch agent can be installed to upload the application logs.

Custom metrics can be implemented e.g. RAM usage and available disk space

9
Q

How can instances access information about themselves?

A

Using the metadata service at http://169.254.169.254/latest/meta-data

10
Q

How are EC2 instances protected?

A

Connections require a key pair consisting of a public and private key (the latter cannot be regenerated)

Security groups control traffic to and from the instance.

11
Q

How do security groups work?

A

They are attached to one or more instances in a single VPC.

They are stateful - if traffic sent by an instance is allowed, the return traffic will be too.

Security group rules only allow traffic - everything is blocked by default.

Multiple security groups can be attached to one instance.

12
Q

Can one instance have multiple security groups?

A

Yes.

13
Q

Can security groups block specific IP addresses?

A

No

14
Q

What are the basics of EBS?

A

They are virtual drives that can be attached to EC2 instances.

They are placed in a specific AZ but are replicated to protect against component failure.

EBS volumes must be in the same AZ as the instance they are mounted to

15
Q

What EBS volume types are available?

A
  • GP2
  • IO1
  • ST1
  • SC1
  • Magnetic Standard
16
Q

What is the GP2 volume type?

A

This is the default option. It is bootable and balances price with performance.

It provides 3 IOPS per GB up to 10,000 IOPS

Volumes of at least 3334 GB can burst up to 30,000 for extended periods of time

17
Q

What is the IO1 volume type?

A

They can be provisioned for up to 10,000 IOPS for consistently high performance

18
Q

What is the ST1 volume type?

A

Throughput optimised HDD - it isn’t bootable but is ideal for big data

19
Q

What is the SC1 volume type?

A

Cold HDD - it is the lowest-cost EBS option but isn’t bootable

20
Q

What is Magnetic Standard?

A

A legacy offering that can be used as a boot drive

21
Q

How are EBS volumes managed?

A

The capacity of all volume types (except Magnetic Standard) can be increased while the device is running, even if it’s a boot volume

By default, root EBS volumes are deleted on instance termination. Other volumes persist.

Snapshots can be made periodically.

22
Q

Why is it important to prevent accidentally terminating EC2 instances? How can this be done?

A

By default, root EBS volumes are deleted on instance termination.

Termination protection adds an extra step to terminating instances. It is off by default.

23
Q

How do EBS snapshots work?

A

It is recommended - but not necessary - to stop instances before snapshotting their volumes

Snapshots are incremental and are stored in S3. They can be moved between AZs, copied to other regions, and converted into AMIs

Snapshots and AMIs of encrypted instances are encrypted by default

24
Q

How do AMIs work?

A

Instance stores have a volume copied from S3 to ephemeral storage as their root device. They cannot be stopped; if the underlying host fails, the data is lost

EBS based AMIs do not lose data if the host fails

You can’t delete a snapshot that is being used as the root device of a registered AMI

25
Q

Under what conditions can EBS volumes be encrypted?

A

It’s not possible to encrypt root volumes of default AMIs - either use a third-party tool or AMI

Additional volumes can be encrypted as-is

26
Q

Can snapshots and AMIs be shared between accounts?

A

Yes, but not if they are encrypted, as the encryption keys are stored in the account

27
Q

What are the key use cases for RAID arrays?

A

When even more IOPS or redundancy is required

28
Q

What is a key consideration when managing RAID arrays?

A

Taking a snapshot excludes data in the cache - this is problematic as RAID on EC2 is purely software; EC2 doesn’t support hardware RAID

As such, it is recommended to take an application consistent snapshot by first freezing the file system, unmounting the RAID array, or shutting down the instance

29
Q

How do placement groups work?

A

There are two kinds:

  • Clustered placement groups place instances in the same AZ
  • Spread placement groups create instances in separate AZs

Only certain instance types support placement groups. Amazon recommends that all instances in a group are the same type.

Instances can only be added to groups at launch time.

30
Q

What load balancer types are available on AWS?

A

Application Load Balancers operate on Layer 7, allowing intelligent routing decisions

Network Load Balancers operate on Layer 4 and so are used where high performance is required

Classic Load Balancers are a legacy offering that allows for some Layer 7 functions e.g. sticky sessions

31
Q

What happens if a load balancer can’t reach the backing servers?

A

You get an Error 504: Gateway Timeout

32
Q

Can backing servers see the IP of the original client?

A

Yes, as load balancers pass along the X-Forwarded-For header

33
Q

What are auto-scaling groups used for?

A

Managing demand and failing instances

34
Q

How do auto-scaling groups work?

A

They maintain a fleet of EC2 instances at the desired count. This count can be modified based on CloudWatch Alarms using scaling policies

They are generally configured to receive traffic from ELBs. Health checks are continuously performed for their instances.

35
Q

Which services can trigger Lambda functions?

A

API Gateway, Alexa Skills, AWS IoT, CloudFront, CloudWatch Events and Logs, CodeCommit, Cognito Sync, Kinesis, S3, SNS and DynamoDB

36
Q

What are the advantages of containerisation?

A

It provides better control over dependencies, ensures consistent deployments, and provides isolation between applications on a server

37
Q

What are the key concepts of Docker?

A

An image contains everything needed to build a container. A Dockerfile contains the actual instructions to do this

38
Q

How does ECS work?

A

It runs containers on a fleet of EC2 instances or Fargate

It’s a regional service but can span multiple AZs and can work within a VPC

Tasks to run are specified by the Task Definition, which defines the images to use, resources to assign, and the Desired Count

39
Q

What is required for EC2 servers to run ECS tasks?

A

The ECS Container Agent, which only works on EC2 and only on Linux

40
Q

How are permissions applied to ECS?

A

The server needs an IAM role to access the ECS service; separate roles can be assigned to each task

However, security groups apply at the instance level - not to individual tasks

41
Q

How are ECS tasks scheduled?

A

An ECS Cluster is a logical grouping of instances. They are region specific and can include a mixture of instances.

The Service Scheduler automatically maintains the desired count and reschedules tasks if they fail. It allows a task to be registered against an ALB.

A Custom Scheduler allows direct management using an API