AWS Fundamentals

Question 1

What EC2 instance Type is best for high performance processors?
batch processing
media transcoding
high performance web servers
high performance computing
scientific modelling and machine learning
dedicated gaming servers?

Answer 1

Compute Optimized

Question 2

What EC2 Instance Type is best for fast performance for workloads that process large data sets in memory, such as
High performance databases
distributed web scale cache stores
In memory databases optimized for BI
Real time processing of big unstructured data

Answer 2

Memory Optimized

Question 3

What EC2 Instance type is great for storage intensive tasks that require high, sequential read and write access to large data sets on local storage?
Use Cases:
High frequency online transaction processing (OLTP) systems
Relational and no SQL dbs
In memory Cache eg Redis
Data Warehousing applications
Distributed file systems

Answer 3

Storage Optimized

Question 4

Key points of security groups

Answer 4

Only contain allow rules (but are statful)
Can be referenced by IP or security group
Region or VPC combination

Question 5

What does a time out on accessing the application tend to imean?

Answer 5

Security group issue
Connection refused is likely an app error or it’s not launched

Question 6

What protocol is port 22 used for?

Answer 6

SSH - log into a linux instance
also used for SFTP

Question 7

What protocol is port 21 used for?

Answer 7

FTP File transfer - upload files to a shared space

Question 8

What protocol is port 80 used for?

Answer 8

unsecured web sites HTTP

Question 9

What protocol is port 443 used for?

Answer 9

HTTPS secured websites

Question 10

What protocol is port 3389 used for?

Answer 10

RDP - Remote Desktop Protocol (Windows instance log in)

Question 11

EBS Volume 3 key points

Answer 11

Network (not physical) drive, can be detached from an EC2 instance and attached to another quickly

Locked to an AZ, would need to Snapshot for moving to another AZ

Has a provisioned capacity in GB and IOPS

Question 12

For default settings what happens when an EC2 instance is terminated?

Answer 12

By default the root EBS volume is deleted
Be default any other attached EBS Volume is persisted

Question 13

Where can you get an AMI (Customization of an EC2 instance - Amazon Machine Image)

Answer 13

Public AMI - AWS provided
Your own AMI
AWS Marketplace AMI (made by someone else)

Question 14

What is an EC2 Instance Store?

Answer 14

High performance hardware disk (EBS is a network drive)
with better IO performance
Good for buffer/scratch/cache data
Ephemeral

Question 15

What are the only EBS volumes that can be used as boot volumes?

Answer 15

gp2/gp3 (SSD - general purpose)
io1/io2 (SSD - highest performance)

Question 16

When would you use Provisioned IOPs SSD for EBS Volume

Answer 16

Critical business app
Sustained IOPs performance
> 16000 OPS
can be multi-attached

Question 17

When would you use HDD volume

Answer 17

st1: Throughput optimized
Big Data, warehousing , log processing

st2: Cold HDD
infrequent access
lowest cost is important

Question 18

What is multi attach EBS with io1/io2 family?

Answer 18

Attaching same volume to multiple EC2 instances in the same AZ
Apps must manage concurrent writes
up to 16 EC2 instances at a time
must use cluster aware file system

Question 19

Does EFS work with EC2 instances in multi AZ?

Answer 19

Yes

Question 20

What are the EFS Storage Tiers

Answer 20

Standard for frequently accessed
Infrequent (EFS-IA) cost to retrieve files

Question 21

How can you manage moving EFS data between Storage Tiers

Answer 21

Use a lifecycle policy

Question 22

Elastic Load Balancer - advantages

Answer 22

AWS Guarantee it will be working, they will upgrade it and allow easy configuration

Integrated with many AWS services

Question 23

Where is the Client IP for an ALB

Answer 23

inserted in X-Forwarded-For

Question 24

What is Cross-Zone Load Banlancing

Answer 24

Each load balancer distributes evenly across all registered instances in the AZ

Without cross zone load balancing the requests are distributed in the instance of the node of the ELB

It is only enabled by Default for ALB
For NLB and GLB it is disabled and costs $$ to enable.

Question 25

What DBS are managed by AWS (RDS)

Answer 25

• Postgres
• MySQL
• MariaDB
• Oracle
• Microsoft SQL Server
• Aurora (AWS Proprietary database)

Question 26

Advantages of using RDS

Answer 26

• RDS is a managed service:
• Automated provisioning, OS patching
• Continuous backups and restore to specific timestamp (Point in Time Restore)!
• Monitoring dashboards
• Read replicas for improved read performance
• Multi AZ setup for DR (Disaster Recovery)
• Maintenance windows for upgrades
• Scaling capability
• Storage backed by EBS (gp2 or io1)
• BUT you can’t SSH into your instances

Question 27

Storage Autoscaling with RDS - what actions do you need to do

Answer 27

Set max storage threshold

Question 28

What is the max RDS Read Replica?
Are RDS Read replica Confined to a region?

Answer 28

15
RDS Read replicas can be cross region, reads are ASYNC and eventually consistent

Question 29

If you are using RDS read replicas what must the application update in order to read them.?

Answer 29

The connection string

Question 30

How does Aurora handle read scaling?

Answer 30

One Aurora instance takes writes
The master takes writes, once there is a quorum
eg 4 copies out of 6 are written then write is done.

Question 31

What is unique about Aurora

Answer 31

AWS propietarty DB
Cloud Optimized
Storage automatically grows in increments of 10TB to 128TB
Very fast replication
HIghly available
More expensive

Question 32

RDS and Aurora Security points

Answer 32

At-rest encryption:
* Database master & replicas encryption using AWS KMS – must be defined as launch time
* If the master is not encrypted, the read replicas cannot be encrypted
* To encrypt an un-encrypted database, go through a DB snapshot & restore as encrypted
* In-flight encryption: TLS-ready by default, use the AWS TLS root certificates client-side
* IAM Authentication: IAM roles to connect to your database (instead of username/pw)
* Security Groups: Control Network access to your RDS / Aurora DB
* No SSH available except on RDS Custom
* Audit Logs can be enabled and sent to CloudWatch Logs for longer retention