AWS Fundamentals 1 Flashcards
Which contains what? AZ and Regions!
Regions contain multiple AZs
AZs are?
Physical data centers
Why are AZs Used?
For disaster recovery
AZs are not available in?
Consoles
IAM works with?
Users-Groups and Roles
What is default format for IAM policy writing?
JSON
How do we use groups and roles?
Groups = Usually by functions
Roles = for Internal AWS resources
IAM is a non-managed policy? Y/N
No - IAM is a managed policy
What is the best practice to grant privileges?
Least privilege principle
IAM federation used for?
To connect with organizations and external applications. [Active Directory.]
The standard is SAML
Big enterprises usually integrate their own repository of users with IAM
What is best practice to grant IAM role?
1 IAM role per person
1 IAM role per application
What is the worst practice for security while writing code?
Never write credentials in code
What is used for bootstrapping?
USER DATA
What should be the first line of USER data script?
/bin/bash
What are ECS launch modes?
On Demand - Reserved Instance - Convertible Reserved Instance - Scheduled Reserved Instance - Spot Instance - Dedicated Instance - Dedicated Host
Your whole AWS security is?
- Users
- Groups
- Roles
EC2 pricing is per?
- Region
- Type
- OS
The billing is done in first 60 sec block then rest per second basis
How can you have your own Instance?
By creating a custom AMI
Is an AMI region specific? Y/N
Yes
What are the characteristics of an AMI?
RAM - CPU - I/O - Network - GPU
Security Groups can reference?
IPs - CIDR Blocks - Other security groups
What are the different types of Load Balancers?
- Classic Load Balancer - 2006
- Application Load Balancer - 2016 Layer 7
- Network Load Balancer - 2017 Layer 4
Application server can use following protocols?
HTTP - HTTPS - WebSockets
How can we get client id from the instance while it is fronted via ALB?
By looking at X-Forwarded-For header
NLB works with which protocol?
TCP traffic
ALB works with security via?
SSL and SSL termination
Service for Renting virtual machines?
EC2
Service for Storing data on virtual drives?
EBS
Service for Distributing load across machines?
ELB
Service for Scaling the services?
ASG
Security groups are acting as?
firewall
Security groups regulate?
Access to Ports - Authorised IP ranges – IPv4 and IPv6 - Control of inbound network (from other to the instance) - Control of outbound network (from the instance to other)
Security groups can be attached to multiple instances? Y/N
Yes
Security groups are locked down via?
Region
Security groups live outside EC2? Y/N
Yes
What is the problem if your application is not accessible (time out)?
Security group issue
What is the issue if your application gives a “connection refused” error?
An application error or EC2 is not launched
What are the defaults for security groups?
All inbound traffic is blocked by default - All outbound traffic is authorised by default
Why is elastic ip useful?
On instance start/stop it does not change.
What is the command to ssh to an EC2 instance?
ssh -i ec2-user@
What if the ssh command fails with error 0644 and its syntax is correct?
The issue is that perm file is insecure - use chmod 0400
Subnets represent?
AZs
Auto scaling is done via?
CloudWatch alarms - trigger and monitoring - done on average values
Is ASG a free service? Y/N
Yes
What does Load Balancer work with?
Target groups
EBS is locked at?
AZ level
EBS increase or scaling is done via?
Size and IOPS (only for IO1)
How do you secure EBS?
Secure via Encrypted EBS - Data secure in flight and at rest - uses KMS and AES 256
Load balancers provide?
DNS - never use underlying IP