AWS Fundamentals Flashcards

1
Q

What is the purpose of an Identity Access Management (IAM)?

A

You always want to create IAM users for admins that have specific needs or tasks in AWS, as opposed to using the Root User login.

The Root User always has system-wide, unrestricted access to the AWS environment.

2
Q

What are the different IAM types?

A

Users - user or app

Groups - collection of Users

Roles - assigned when you want to grant access to services but don’t have a fixed number of entities that need it.

3
Q

How do you connect to AWS via CLI?

A

Access Keys (instead of username/password in the GUI)

4
Q

What makes up an Access Key?

A

Access Key ID

Secret Access Key

5
Q

What are the 5 fundamentals of Cloud Computing?

A
  1. on-demand self-service - don't need to notify the vendor for resources
  2. broad network access - capabilities are available over the network and have standard access mechanisms (Ex. HTTP)
  3. resource pooling - location independence; multi-tenancy; economies of scale
  4. rapid elasticity - capability appears unlimited; can scale with demand
  5. measured service - usage is monitored, controlled, reported, and billed
6
Q

Public vs. Private vs. Multi-Cloud vs. Hybrid Cloud

A

Public - AWS, Azure, or GCP offer public cloud environments

Private - Outpost, Azure Stack, Anthos

Multi - AWS + Azure

Hybrid - mix of public and private clouds working together; same tools/components/methods are used for both

7
Q

What is a Unit of Consumption?

What are the UOCs for IaaS, PaaS, SaaS?

A

The part of the system that you pay for/consume. This denotes where your management responsibility begins.

You purchase an EC2 instance (IaaS); the UOC is the OS that runs on the VM.

PaaS UOC = Runtime
SaaS UOC = Application

8
Q

What are the (3) Zones when talking about Public/Private Services in AWS?

A
  1. Public internet
  2. AWS public zone
  3. AWS private zone
9
Q

How many accounts & regions can a unique VPC be created in?

A

One and One.

VPCs are isolated by default - they can’t communicate with anything outside their own VPC unless it’s specified.

10
Q

What are the 2 types of VPC that can be found in a CU environment?

A

Default VPC and Custom VPC

11
Q

What is the CIDR Range of the Default VPC?

Does the Default VPC have a subnet in each AZ of the region?

A

It gets the exact same range every time - 172.31.0.0/16.

Yes - the Default VPC is configured to have a subnet in every AZ of the specific region it’s in (/20 subnets).

12
Q

What is the rate for on-demand billing of an EC2?

A

By the second or by the hour depending on the resources that are being used.

13
Q

What are the different states of an EC2?

A

Running - charged for everything (CPU/mem/disk/etc.)
Stopped - still being charged for Storage
Terminated - this is non-reversible

14
Q

What is an Amazon Machine Image (AMI)?

A

Contains the info required to boot an EC2 instance. You can boot multiple EC2s from a single AMI.

You must specify an AMI when launching an instance.

15
Q

What are the 2 foundational pillars of S3?

As in what are the 2 things that S3 is comprised of?

A
Objects = files stored in S3
Buckets = containers of Objects
16
Q

What kind of Storage solution is S3?

A

Object Storage; the files are stored in a FLAT structure, i.e. no folders.

17
Q

What is CloudFormation?

A

Service that lets you create/update/delete resources within AWS via templates in an automated fashion.

Templates are written in YAML or JSON.

18
Q

What does a CloudFormation Template contain?

What does the list create?

A

All templates have a list of resources - at least one. This section tells CloudFormation what to do; resources section is the only MANDATORY part of the template. Without a list of resources, the template would do nothing.

The list of resources creates a “stack” of logical resources that the template instructs AWS to provision.

19
Q

What is CloudWatch?

A

Monitors the performance of the environment.

Service that collects and manages operational data on your behalf. Any data generated by the environment will be logged by the service.

20
Q

What are the categories of data captured by CloudWatch?

A

Metrics - data relating to AWS products, apps, and on-premise infra; publicly accessible

Logs - collection/monitoring/actions based on logging data (like web server or FW logs); anything that logs data can be ingested by CW.

Events - acts like an Event Hub - if a service does something, the event is logged.

21
Q

CloudWatch key terms:

Name Space?
Metric?
Dimension?
Alarms?

A

Name Space - container for monitoring data
Metric - collection of related data points
Dimension - separate data points for specific entities
Alarms - can take an action based on a metric

Ex. We can look inside a specific Namespace (EC2), then inside a specific Metric (CPU Utilization), and then at a specific Dimension for the data points coming from a particular instance. We can then trigger an alarm depending on what the output is.

22
Q

Shared Responsibility Model rule of thumb?

A

AWS protects the security OF the cloud, and the consumer protects the security IN the cloud.

23
Q

What is High Availability?

A

The system is designed to be online and providing services as long as possible. Failover is automated, but minimal downtime may occur.

User disruption is OK.

24
Q

What is Fault Tolerance?

A

A system designed so that it continues operating normally in the event that one or more of its components fail.

If there are faults present - the system should keep working through a failure without any impact.

Think of a life support network at a Hospital.

25
Q

What is Disaster Recovery?

A

Policies/tools that enable the recovery or continuation of mission critical systems following a natural or human-induced disaster.

DR is all about pre-planning.

26
Q

What is DNS?

A

DNS is how systems are discovered on the internet and within private networks. DNS translates machine-readable addresses into human-readable names and vice versa, i.e. IP address to domain name.

27
Q

DNS Client?

DNS Resolver?

DNS Zone?

A

DNS Client - laptop, phone, tablet, etc. The device that wants/needs the IP address for whatever web server you’re trying to reach. Typically a piece of SW running in the OS of the device.

DNS Resolver - SW on your device, or running on your edge router, that queries the DNS system on your behalf.

DNS Zone - a part of the DNS namespace that is managed by a specific organization or administrator.
Ex. the .com, .net, .uk zones

28
Q

REVIEW:

Ultimately, DNS's responsibility is to find the name server which hosts a particular zone file and then query that name server for a record that is in that zone file.

A

The DNS resolver locates the correct name server for a given zone, queries the zone file on that particular name server(s), gets the info it needs, and passes it back to the DNS client.

29
Q

What are the 2 main functions of Route53?

A
  1. Registers domain names (has a relationship with all the main domain registries: .com, .uk, .edu, etc.).
  2. Hosts Zones/Zone Files on AWS-managed NameServers.
30
Q

REVIEW:

When registering a domain, Route53 checks with the top-level domains to ensure that it is available. Once given the OK, it creates a Zone File for the domain being registered (Zone File is just a DB that contains all of the DNS information for a particular domain).

A

Route53 also allocates NameServers for this zone; servers that Route53 creates/manages that are distributed globally (usually 4).

Takes the Zone File and puts it into 4 distributed NameServers, and then adds the NameServer records to the TOP-LEVEL domain registry (like .com) - this is recorded into the Zone File for the top-level domain.

31
Q

What is a Hosted Zone?

A

A Hosted Zone is a container for records. Records contain information about how you want to route traffic for a specific domain, such as example.com, and its subdomains (acme.example.com, zenith.example.com).

32
Q

What is a NameServer Record?

A

NS Record indicates which DNS Name Server(s) is authoritative for that domain (which server contains the actual DNS records).

33
Q

What are A-Records and/or AAAA Records? What is the difference?

A

Records that map host names to IP addresses.

A-Records map “www.xxxx.com” to an IPv4 address

AAAA-Records map the host name to an IPv6 address.

34
Q

What are CNAME Records?

A

Lets you create DNS shortcuts. These records don’t point to IP addresses but only other names.

Ex. Instead of creating multiple A-Records for a server that handles FTP, mail, and www/web functions, you have a single A-Record pointing to an IP address and a CNAME record for each function pointing to the single A-Record.

CNAME ftp, CNAME mail, CNAME www –> “A-Record”, which then points to the IP of the server

If a change needs to be made, only the A-Record needs to be changed and the CNAME Records will follow.

35
Q

What are MX Records?

A

Mail Exchange Records

Record that indicates what specific IP address emails need to be sent to, i.e. the server that handles mail for the domain.

When you send an email to a certain domain (@cisco.com) the server sending the email on your behalf uses DNS to perform an MX lookup to know which email server to send the data to.

36
Q

What are TXT Records?

A

TXT records are a type of (DNS) record that contains text information for sources outside of your domain.

Allows you to add text to a created domain name.

37
Q

What is the Time to Live (TTL) value within DNS?

What effect does this TTL value have on a NameServer if it is HIGH or LOW?

A

DNS TTL (time to live) is a setting that tells the DNS Resolver how long to cache a query before requesting a new one from the Name Server.

Low TTL values mean your NameServer gets more queries against it, whereas high TTL values mean fewer queries but also give you less control if you need to make any changes.

When changing DNS records, it’s always recommended to lower the TTL value in advance because it’ll mean less caching of the old record/entry information ahead of cutting over to the new one.

38
Q

DNS Root?

Root Zone?

Name Server?

Zone File?

A

DNS Root - the starting point of DNS; similar to an upside down tree where the Root is the top of the stump. Root servers are DNS NameServers that operate in the root zone.

Root Zone - top-level DNS zone in the hierarchical namespace of the Domain Name System (DNS) of the Internet. This is where the Root Servers operate.

Name Server - server on the internet specialized in handling queries regarding the location of a domain name’s various services.

Zone File - a DB that contains all of the DNS information for a particular domain.

39
Q

What (2) types of settings are NOT stored in an AMI?

A

  • Instance settings
  • Network settings

Stores:

  • boot volume
  • data volume
  • AMI permissions
  • block device mapping

40
Q

Which type of organization maintains the zones for a TLD (e.g. .org or .com)?

A

Registry

41
Q

Which type of organization has relationships with the .org TLD zone manager allowing domain registration?

A

Registrar