Amazon Elastic Cloud Computer (EC2) Flashcards

1
Q

EC2

A

Elastic Cloud Computing.

  1. Service on AWS that allows us to provision re-sizable computing environments.
  2. Referred to as an instance.
2
Q

Instance

A

An EC2 re-sizable computing environment.

3
Q

When creating an instance, what can you customize (3)

A

Hardware, OS, software running on instance.

4
Q

Where is an EC2 provisioned?

A

On a host machine within a given availability zone.

5
Q

There can be multiple isolated guest environments on an EC2. (True or false?)

A

True

6
Q

Bare Metal Access

A

An option in EC2.
  1. The computing application (or any applications running on it) has direct access to the CPU and memory resources of the server.

7
Q

Creating an EC2 instance. What are the variables user can select? (6)

A
  1. Type
  2. Size
  3. Number of virtual CPUs (vCPUs)
  4. Amount of RAM
  5. Configured with a specific level of network throughput.
  6. Can optionally be configured with high-end graphics cards / high-performance disks
8
Q

Types of EC2 instances. (5)

A
  1. General Purpose - balanced mix of CPU, RAM, and other resources.
  2. Compute Optimized - relatively high amount of CPU
  3. Memory Optimized - relatively high amount of RAM
  4. Storage Optimized - relatively high amount of storage and throughput
  5. Accelerated Computing - dedicated graphics processing units (GPUs) or field-programmable gate array (FPGA) resources
9
Q

How to choose an EC2 instance?

A

Select size based on current workload.

10
Q

How do you resize a current EC2 instance?

A
  1. Stop instance.
  2. Modify instance type attribute
  3. Start instance.
11
Q

EBS

A

Amazon Block Store.

  1. Similar to a hard drive in that block storage volumes offer read/write access at a block level.
  2. Can be attached to a specific instance
  3. Ideal for installing OS, apps, persistent data
  4. Can be encrypted
  5. Decoupled from physical host machine
12
Q

2 Types of EC2 storage

A

Persistent and Temporary

13
Q

Persistent Block Storage

A

One type of EC2 storage.

1. Configure during

14
Q

Decoupled

A
  1. EBS volumes can be detached and reattached to a different host machine in the same availability zone.
15
Q

EBS optimized instance

A
  1. Reserves dedicated network bandwidth for EBS volume traffic
16
Q

EBS snapshot.

A
  1. The data associated with the snapshot is replicated across multiple availability zones automatically
17
Q

Temporary storage.

A
  1. Mounted locally on the physical host running the instance
  2. Good for high-performance storage.
  3. Caching, temporary files
  4. Can be used in any case where the application is already replicating data
  5. Since it's physically attached to the host, read/write performance is relatively high
  6. Data persists only while the instance runs on the host (and across reboots); data is deleted when the instance is stopped or terminated
18
Q

AMI

A

Amazon Machine Image

  1. Template for the OS and applications on the root volume of an instance.
  2. Can allocate additional volumes.
  3. Several different types of AMIs.
19
Q

VPC

A

Virtual Private Cloud

20
Q

Elastic Network Interfaces

A
  1. Linked to a software-defined network on Amazon VPC.
  2. Each instance is assigned a primary network interface linked to a subnet within an Amazon VPC
  3. Default is a subnet within Amazon VPC.
21
Q

Private vs. Public IP in VPC.

A
  1. Private for communicating within the VPC.
  2. Public for communicating over the internet.

22
Q

VPC Security Group

A
  1. Used to protect inbound/outbound traffic (like a firewall)
  2. Security rules must allow a connection for it to succeed.
  3. Can attach additional network interfaces (with their own IP addresses).
  4. The sheer number of network interfaces has no effect on throughput of an instance.
23
Q

Network throughput and bandwidth on VPC depends on what 2 things?

A
  1. Instance Type
  2. Instance Size

24
Q

Linux-based OS provides access via what? (EC2 instance)

A

Secure Shell (SSH)

25
Q

Windows-based sign-in default is what? (EC2 instance)

A

Remote Desktop Protocol.

26
Q

Default user Linux EC2 instance

A

ec2-user

27
Q

Default user Linux Ubuntu EC2 instance

A

ubuntu

28
Q

Default user Windows EC2 instance

A

administrator

29
Q

Named EC2 key pairs components.

A

Public (AWS stores) and Private (user must keep safe)

30
Q

EC2 instance lifecycle, what are the primary states?

A

Running, stopped, terminated

31
Q

EC2 instance lifecycle, what are the intermediary states?

A

pending, shutting down, stopping

32
Q

When are EC2 costs charged?

A

While running. There can be charges associated in a stopped state for data storage though.

33
Q

IMDS

A

Instance Metadata Service.

  1. Enables code running on an EC2 instance to discover properties about the instance

34
Q

IMDS IP address

A

Instance Metadata Service has a special IP address: 169.254.169.254

  1. It can be queried over HTTP to get metadata
  2. Including: information about the instance itself, credentials resulting from the instance's IAM role, and the user data supplied at launch, used to bootstrap the instance
35
Q

VPC

A

Virtual Private Cloud.

  1. Comprises logically isolated networks within an AWS account; these software-defined networks can span all availability zones within a particular AWS region.
  2. We maintain complete control over VPC connectivity
36
Q

CIDR notation

A

Define a VPC with blocks of addresses specified in classless inter-domain routing (CIDR) notation.
  1. CIDR notation is a compact representation of an IP address and its associated routing prefix. The notation is constructed from an IP address, a slash ('/') character, and a decimal number. The trailing number is the count of leading 1 bits in the routing mask, traditionally called the network mask.

37
Q

By default VPCs are not isolated, true or false.

A

False. They are isolated by default. They can't communicate with other networks, including the internet, unless explicitly given permission to do so.

38
Q

List the VPC gateway types.

A
  1. Egress-only internet gateway (IPv6; allows outbound traffic only.)
  2. Amazon VPC endpoints - allow traffic from a VPC to a specific AWS service or 3rd-party SaaS without an internet gateway.
  3. AWS Transit Gateway - allows us to centrally manage connectivity between multiple VPCs and an on-premises environment with a single gateway
  4. Amazon VPC peering - establishes peer relationships between VPCs; traffic is privately routed from one VPC to another
  5. Virtual Private Gateway - allows us to establish a private connection to a corporate network (VPN or Direct Connect (DX))
  6. Internet Gateway - highly connected, allowing outbound and inbound traffic
39
Q

VPC IP address types.

A
  1. Private - IPv4, not reachable from the internet. Used for private communication between VPCs or corporate networks.
  2. Public - IPv4 addresses that are reachable from the internet. AWS automatically manages them. The association only persists while the instance is running and cannot be manually managed.
  3. The caveat is the Elastic IP address - an IPv4 address that is reachable from the internet, but we can manage the association between instances and IP addresses.
  4. IPv6 - IPv4 and IPv6 operate separately; we can use either protocol or both.
40
Q

VPC Subnet

A
  1. Subnets are linked to availability zones within the region where the VPC is deployed.
41
Q

Subnet

A
  1. VPCs have subnets.
  2. A subnet is linked to an availability zone within the region where the VPC is deployed
  3. Each subnet is allocated its own block of private IP addresses, defined by CIDR (classless inter-domain routing)
42
Q

Launching a subnet

A
  1. Each subnet's IP address range is a subset of the VPC's range and does not overlap with any other subnet.
  2. When launching an EC2 instance, the primary network interface is automatically assigned a private IPv4 address from the subnet's CIDR block.
  3. Usually we create 2 instances, one that we launch when we want to reach the internet (public, e.g. a web server) and one for the backend (private, e.g. a database)
43
Q

AWS Routing Tables

A
  1. Routes defined in a route table define network traffic.
  2. Network traffic is controlled with routes

44
Q

Local route

A
  1. Each route table has a specific rule, the “local route”
  2. This rule allows traffic from an instance in one subnet within a VPC to reach any other subnet in the same VPC
45
Q

Route parts

A
  1. Destination
  2. Target
    - When launching a public EC2 instance, must assign a public IP address to the instance.
    - Without one, the instance will not be able to communicate across the internet.
46
Q

AWS VPC Security Groups

A
  1. A security group operates as a stateful firewall
47
Q

How to define Security Group rules.

A
  1. Specify the source or destination
  2. Define the protocol and ports that we want to allow

48
Q

Types of Security Groups

A
  1. Inbound - allows us to control source, protocols and ports of inbound traffic.
    - Ex: When configuring a Linux instance, we specify the incoming rule to allow SSH traffic over port 22
  2. Outbound Security Groups - allows us to control destination, protocols and ports for outbound traffic.
    - Ex: the default outbound rule is assigned to a security group to allow all outbound protocol and ports to all destinations. We can tighten these rules by removing the default and adding our own instead.
49
Q

ACL

A

Access Control Lists (in the context of a VPC)

  1. Allow an admin to control traffic entering/leaving a subnet.
  2. Consist of inbound/outbound rules that may be linked to multiple subnets within a specific VPC.
  3. An ACL acts as a stateless firewall for traffic inbound/outbound to a specific subnet
    - stateless means it doesn't track connections/replies
  4. Therefore, both the inbound and outbound rules must allow the traffic on the network ACL.
    - if a network ACL is not specified for a subnet, the subnet is associated with the default network ACL for the VPC (which allows all inbound/outbound traffic)
50
Q

AWS Shared Responsibility Model

A
  • Responsibility is shared between AWS and the customer
51
Q

In Shared Responsibility Model, AWS is responsible for:

A
  1. Security of physical/hardware infrastructure (AWS Regions and Availability Zones, restricting access to servers and physical networks).
  2. Core Software (Compute, storage, database, network services)
  3. AWS Edge Cases
52
Q

In Shared Responsibility Model, the customer is responsible for:

A
  1. Security on the cloud
  2. Making secure choices when configuring the infrastructure (including data encryption)
    - Data encryption: client-side, server-side, in transit
  3. Platform, application, access, including suitable firewall rules
  4. OS, network, firewall configuration
  5. Controlling network traffic
53
Q

Ex: Shared Responsibility Model for an EC2 instance. Amazon vs customer responsibilities.

A
  1. Amazon: underlying core software on physical host machines (including virtualization layer)
  2. Customer: sensitive data stored on the guest OS
    - ensuring the OS is patched regularly
    - note: AWS provides tools like Systems Manager to help with these responsibilities (can automate patching, but responsibility still ultimately lies with the user)
    - managing user accounts/guest operations
    - security of any applications installed on the instance
54
Q

How to launch an EC2 instance.

A
  1. Log into the AWS MC with an IAM user.
  2. EC2 instance
  3. Launch instance, choose an AMI (Amazon Machine Image)
  4. Choose a free tier option
  5. Select or create a new key pair
  6. Launch instance
  7. Can view state in the EC2 dashboard
55
Q

How to Connect via SSH.

A

Secure Shell.

  1. Connect to the EC2 instance with SSH
  2. Log in as IAM user
  3. EC2 Console:
    - Running instance (ensure it's selected)
    - Connect
    - 3 options: EC2 Instance Connect (browser-based SSH connection)
    - Session Manager
    - SSH Client
  4. Choose SSH - copy the SSH command under “Example”
  5. Open PowerShell
56
Q

PowerShell commands to run an EC2 instance.

A
  1. (point to user folder)
  2. cd downloads
  3. paste the ssh command
  4. yes (accept the host key prompt)
  5. ps aux (to see what's running)
  6. exit (to close the connection)
57
Q

3 options for EC2 Instance Connect.

A
  1. EC2 Instance Connect (browser-based SSH connection)
  2. Session Manager
  3. SSH Client
58
Q

2 file options for saving key pairs.

A
  1. pem = OpenSSH
  2. ppk = PuTTY

59
Q

VPC

A

Amazon Virtual Private Cloud

60
Q

Configure VPC

A
  1. Sign in as admin IAM user
  2. Create key value pair
  3. Launch VPC wizard
  4. Select VPC Configuration
    - This, plus the creation of key value pairs, will allow us to now deploy an EC2 instance into it
61
Q

VPC Configuration Options.

A
  1. VPC w/ Single Public Subnet
  2. VPC w/ Public & Private Subnets
  3. VPC w/ Public & Private Subnets & Hardware VPN Access
  4. VPC w/ Private Subnet Only and hardware VPN Access
62
Q

In a Single Public Subnet

A
  1. IPv4 Private CIDR = /16
  2. IPv4 Public CIDR = /24

63
Q

Hardware tenancy options in VPC configuration.

A
  1. Default
  2. Dedicated

64
Q

RDP Port Range

A
  1. 3389
  2. Protocol: TCP

65
Q

SSH Port Range

A
  1. 22
  2. Protocol: TCP

66
Q

Create a Security Group

A
  1. EC2 MC
  2. Network Security -> Security Groups
  3. Create New SG.
  4. Name it, e.g. webserver-group
  5. Description, e.g. allow SSH access to webserver
  6. Select VPC options (you'll see the one you already created)
  7. Add inbound rules
    - Add an SSH type, under source options = MyIp
  8. Outbound rules allow all traffic (default)
    - Now we have created a security group that we can use to deploy our EC2 instance into and ensure only our IP address has access to the webserver over port 22
67
Q

Inbound Rule options for Security Group creation

A
  1. Custom
  2. Anywhere
  3. MyIp
68
Q

Configuring Instance Details, Storage, Tags

A
  1. EC2 dashboard
  2. Create an instance
  3. Configure details
    - number of instances (can choose multiple) with scaling
    - purchasing options
    - choose VPC
  4. Add storage, need root volume
  5. Add tags, like name
  6. Configure Security Group (add a new one or use existing)
  7. Get key pair (new or existing)
  8. Connect to the instance through PowerShell
69
Q

Describe EBS volumes

A
  1. Reliable, high-availability storage volumes that can attach to any running instance in the same availability zone
70
Q

Allocating Elastic IPs. 4 components

A
  1. Allocate
  2. Associate
  3. Disassociate
  4. Release
71
Q

How to allocate an Elastic IP

A
  1. Must allocate an Elastic IP to your instance or network interface.
  2. Network settings -> Elastic IP
    - now it will have a public IPv4 address
    - add key and value (e.g. Name = static IP)
  3. Associate the Elastic IP
    - open the instance and associate
  4. Disassociate
    - Network Settings -> Elastic IP
    - disassociate
  5. Release Elastic IP
    - in Elastic IP dashboard
    - Actions -> release
72
Q

Why do you want an elastic IP?

A
  1. An Elastic IP address is a static IP
  2. Normally, when running instances, your public IP gets reset each time you start and stop them
  3. With an Elastic IP you can start and stop instances and the public IPv4 address and public DNS will remain
73
Q

Installing and Updating Software on EC2 instance.

A
  1. EC2 dashboard, open running instance
  2. Description section, copy SSH Command
  3. Open PowerShell
    - cd downloads, then paste the SSH command
    - now connected to the server (e.g. an Amazon Linux 2 machine image)
  4. Ensure software packages are up to date
    - sudo yum update -y
    - -y suppresses the confirmations
  5. Install Apache
    - sudo yum install -y httpd
  6. Start the Apache service
    - sudo systemctl start httpd
  7. Configure the Apache webserver to start each time the system is booted
    - sudo systemctl enable httpd
  8. Verify that httpd is running
    - sudo systemctl is-enabled httpd
  9. Add a Security Group rule to allow inbound traffic over port 80
    - Description -> security groups -> open group
    - add rule
    - select HTTP Custom, allow all traffic CIDR (0.0.0.0/0)
  10. Return to the instance, copy the public DNS
  11. Open a browser and paste
    - now the Apache test page loads, so it's working
74
Q

HTTP CIDR block

A

0.0.0.0/0

75
Q

command line: check if packages are up to date

A
  1. sudo yum update -y
    - -y suppresses the confirmations

76
Q

command line: install apache

A
  1. sudo yum install -y httpd
77
Q

command line: start apache webserver

A
  1. sudo systemctl enable httpd
78
Q

command line: verify httpd is running

A
  1. sudo systemctl is-enabled httpd
79
Q

Configuring Webserver Document Root Privileges

A
  • Goal: allow the EC2 user account to manipulate files in a directory. Need to modify ownership and permissions.
    1. Add the EC2 user to the Apache user group
    2. Assign the Apache group ownership of the /var/www directory
    3. Assign write permissions
    4. EC2 dashboard - connect to the webserver instance, copy the SSH connection
    5. PowerShell
      - cd downloads, then paste
      - now we're connected
    6. Add the EC2 user to the apache group
      - sudo usermod -aG apache $USER
    7. Pick up the new group for the session
      - newgrp apache
    8. View membership in the group
      - groups
    9. Change the group ownership of /var/www to the apache user group
      - sudo chown -R ec2-user:apache /var/www
    10. Add group write permission, set permissions for /var/www and its subdirectories
      - sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;
    11. Add group write permission to files, recursively
      - find /var/www -type f -exec sudo chmod 0664 {} \;
      - now the EC2 user and any future members of the apache user group can add, delete, and edit files in the Apache server root
    12. Add output to index.html (so we don't just see the Apache test page)
      - echo "hello world … $(users) on $(hostname -f)" > /var/www/html/index.html
    13. To view the webpage, copy the public DNS and paste it into a web browser
80
Q

Configure webserver document root privileges: Amazon Linux 2 Apache document root

A
  1. /var/www/html
81
Q

Configure webserver document root privileges: add EC2 user to apache group

A
  1. sudo usermod -aG apache $USER
82
Q

Configure webserver document root privileges: pick up new group for session

A
  1. newgrp apache
83
Q

Configure webserver document root privileges: change ownership of “/var/www”

A
  1. sudo chown -R ec2-user:apache /var/www
84
Q

Configure webserver document root privileges: add group write permission, set permissions for /var/www and subdirectories

A
  1. sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;
85
Q

Configure webserver document root privileges: add group write permissions (recursive)

A
  1. find /var/www -type f -exec sudo chmod 0664 {} \;
    - now the EC2 user and any future members of the apache group can add, delete, and edit files in the Apache server root

86
Q

Configure webserver document root privileges: add output in index.html

A
  1. echo "hello world … $(users) on $(hostname -f)" > /var/www/html/index.html
    - this writes the command output into index.html, which will show the user and the host name of the machine when someone navigates to the webpage
87
Q

Configure webserver document root privileges: how to verify what will appear in the browser

A
  1. wget -qO - localhost
    - -q suppresses wget's own output
    - -O - writes the fetched document to standard output (the PowerShell session) instead of saving it to a file
88
Q

Configure EC2 instances with user data

A
  • Goal: can bootstrap multiple instances at once; the user data is passed to all instances
  • Need EC2 dashboard, code editor, PowerShell
    1. EC2 dashboard, launch a new instance with the Amazon Linux 2 machine image
      - t2.micro
      - configure details: scroll to the bottom, we'll fill in the user data part (options: as text, as file, input is already base64 encoded)
    2. Code editor - write the script
      - configure Amazon Linux 2 AMI, update SW packages
      - add ec2-user to the apache group
      - set folder and file permissions for the document root
      - generate index.html in the document root with a bootstrapped message
    3. Configure security groups
      - HTTP CIDR open 0.0.0.0/0
      - SSH source - MyIP
      - select key pair
      - launch instance
    4. View instances (now both are running)
      - copy the public DNS of the first one and paste it in the browser
      - repeat for the second
      - both instances have the same user data but the message is dynamic